Detecting a series of vulnerabilities can help hackers disable metal detectors at airports
Taking advantage of these vulnerabilities, hackers can bypass authentication requests, forge detector configurations, and even execute arbitrary code on the device.
"An attacker can manipulate this module to remotely monitor metal detector statistics, such as whether alarms have been triggered or how many visitors have passed," the report said. by Cisco Talos revealed. "Hackers can also make configuration changes, such as changing device sensitivity, which can pose security risks to organizations that rely heavily on detectors. metal".
Cisco Talos security researcher Matt Wiseman discovered and reported the vulnerabilities on August 17, 2021. Patches were released by the vendor on 12/13/2021.
The vulnerabilities reside in the Garrett iC Module, which allows operators to communicate with pass-through gate metal detectors such as the Garrett PD 6500i or Garrett MZ 6100 using a computer over a wired or wireless network. It allows operators to perform remote device operations and monitoring in real time.
Here is the list of newly disclosed vulnerabilities:
- CVE-2021-21901 (CVSS score: 9.8), CVE-2021-21903 (CVSS score: 9.8), CVE-2021-21905 and CVE-2021-21906 (CVSS score: 8.2) - Vulnerability A stack-based buffer overflow can be triggered by sending a malicious packet to the device
- CVE-2021-21902 (CVSS score: 7.5) - Authentication bypass vulnerability stemming from a rare condition, which can be triggered by sending a request string
- CVE-2021-21904 (CVSS score: 9.1), CVE-2021-21907 (CVSS score: 4.9), CVE-2021-21908 and CVE-2021-21909 (CVSS score: 6.5) - Holes directory traversal vulnerability that can be exploited by sending specially crafted commands
By successfully exploiting the aforementioned vulnerabilities in the iC Module CMA version 5.0, an attacker can hijack an authenticated user's session, be able to read, write, or delete arbitrary files on the device and worse. is to lead to remote code execution.
Due to the severity of the vulnerabilities, units using metal detectors are advised to update the firmware to the latest version as soon as possible.
You should read it
- AMD patched a series of security holes in the graphics driver for Windows 10
- Top 30 serious security holes are being exploited by hackers the most
- Take a look at the most significant threats from the security world in 2019
- Warning of dangerous vulnerabilities on WinRAR, users should uninstall or upgrade to a new version
- Microsoft silently updated Windows 10 to patch 2 serious security holes
- Detecting security holes that cause a series of D-Link VPN routers to be remotely attacked
- 10 interesting facts about black holes in the universe (Part 1)
- New security vulnerabilities on iOS 12.1 allow access to contacts and phone calls
May be interested
- Detecting an extremely dangerous vulnerability on nearly 16,000 iOS applicationsapps with high download volume and users of over 100 million people like instagram, amazon, twitter and dropbox are likely to be affected.
- Three critical holes in Linksys routers, hackers can take advantage of hijackinglinksys e series routers can get three vulnerabilities that help hackers gain control.
- Disable 92% of Windows vulnerabilitiesaccording to beyondtrust, it is possible to limit the damage or completely avoid attacks on windows vulnerabilities without logging in as an administrator.
- The US shares the top 20 vulnerabilities most exploited by Chinese hackers since 2020 until nownsa, cisa and fbi have just released a list of vulnerabilities most exploited by chinese hackers to target government and critical infrastructure networks.
- Summary of popular network attacks todayfor attacks by exploiting vulnerabilities, hackers must be aware of security issues on the operating system or software and take advantage of this knowledge to exploit vulnerabilities.
- Detecting vulnerabilities in Snapdragon chips allows hackers to penetrate nearly every Android smartphone via wifisecurity researchers have discovered two separate holes on the snapdragon chip that allow hackers to simply connect to the same wi-fi network with their phones or other technology items running the android operating system. occupy device access.
- New series of Bluetooth vulnerabilities discovered that could put millions of Windows and Android devices worldwide in troublehackers can easily take advantage of existing vulnerabilities in the bluetooth protocol to deploy many different violating activities.
- Detecting high-risk vulnerabilities potentially affecting 1 million servers worldwidethe vulnerability allows an attacker to read configuration files of the application, steal passwords or api tokens, and even hijack the server.
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devicesmicrosoft security researchers announced that they discovered more than two dozen serious remote code execution (rce) vulnerabilities related to internet of things (iot) and operational technology (ot) devices being used. relatively popular use today.
- Hacker earned $ 32,000 in 7 weeks by fixing a series of gaps in e-money projectsover the past 7 weeks, white-hat hackers around the world have earned at least $ 32,150 through the successful fix of a series of security flaws that appear on popular electronic and blockchain platforms like tron, brave, eos and coinbase.