Newly discovered series of vulnerabilities could help hackers disable metal detectors at airports
Researchers have discovered a series of security vulnerabilities in a network component of Garrett Metal Detectors.
By exploiting these vulnerabilities, hackers can bypass authentication, tamper with detector configurations, and even execute arbitrary code on the device.
"An attacker can manipulate this module to remotely monitor metal detector statistics, such as whether alarms have been triggered or how many visitors have passed," a report by Cisco Talos revealed. "Hackers can also make configuration changes, such as changing device sensitivity, which can pose security risks to organizations that rely heavily on metal detectors."
Cisco Talos security researcher Matt Wiseman discovered and reported the vulnerabilities on August 17, 2021. The vendor released patches on December 13, 2021.
The vulnerabilities reside in the Garrett iC Module, which lets operators communicate with walk-through metal detectors such as the Garrett PD 6500i or Garrett MZ 6100 from a computer over a wired or wireless network. It allows operators to control and monitor the devices remotely in real time.
Here is the list of newly disclosed vulnerabilities:
- CVE-2021-21901 (CVSS score: 9.8), CVE-2021-21903 (CVSS score: 9.8), CVE-2021-21905 and CVE-2021-21906 (CVSS score: 8.2) - Stack-based buffer overflow vulnerabilities that can be triggered by sending a malicious packet to the device
- CVE-2021-21902 (CVSS score: 7.5) - Authentication bypass vulnerability stemming from a race condition, which can be triggered by sending a sequence of requests
- CVE-2021-21904 (CVSS score: 9.1), CVE-2021-21907 (CVSS score: 4.9), CVE-2021-21908 and CVE-2021-21909 (CVSS score: 6.5) - Directory traversal vulnerabilities that can be exploited by sending specially crafted commands
By successfully exploiting the aforementioned vulnerabilities in iC Module CMA version 5.0, an attacker can hijack an authenticated user's session, read, write, or delete arbitrary files on the device and, worse, achieve remote code execution.
Due to the severity of the vulnerabilities, organizations using these metal detectors are advised to update the firmware to the latest version as soon as possible.