Security News

Netgear is pushing out fixes for a bad Orbi firmware update released earlier this month that prevents users from accessing the device's admin console. "We are aware of an issue affecting the Orbi RBK85x and RBK75x Series Mesh WiFi 6 Systems," Netgear explained on their status page.

"Potential security vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities," reads the short advisory. "This vulnerability could allow an attacker executing with kernel-level privileges to escalate privileges to System Management Mode. Executing in SMM gives an attacker full privileges over the host to further carry out attacks." explains a report by Starke.

QNAP, Taiwanese maker of network-attached storage devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP said in an advisory.

Network-attached storage appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier -.

Three high-impact Unified Extensible Firmware Interface security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "Affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár said in a report published today.

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface loaded on at least 100 of its laptop models. A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored and to turn off the UEFI Secure Boot feature, which ensures the system loads at boot time only code trusted by the Original Equipment Manufacturer.

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface loaded on at least 100 of its laptop models. A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored and to turn off the UEFI Secure Boot feature, which ensures the system loads at boot time only code trusted by the Original Equipment Manufacturer.

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware.

HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gain high privileges and remain undetectable by installed security software. SSM. CVE-2021-23924: heap buffer overflow leading to arbitrary code execution.

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. UEFI software is an interface between a device's firmware and the operating system, which handles the booting process, system diagnostics, and repair functions.