k3vinlusec

3 exploits Active since Oct 2019
CVE-2020-0022 NOMISEC HIGH WORKING POC
Android -8.0,8.1,9,10 - RCE
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
29 stars
CVSS 8.8
CVE-2020-15416 NOMISEC HIGH WORKING POC
NETGEAR R6700 V1.0.4.84_10.0.58 - Buffer Overflow
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.
CVSS 8.8
CVE-2019-11932 NOMISEC HIGH WRITEUP
android-gif-drawable <1.2.18 - RCE
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
CVSS 8.8