Aggregator

2月│月报 谛听工控安全月报上线了，工信部的最新政策，2月发生的多起工控安全事件，谛听团队收集的最新攻击教据......更多安全资讯，请关注“谛听ditecting",每月更新!

如何用AI实现一款APT溯源工具

A vulnerability identified as problematic has been detected in Gestsup 3.2.46. This issue affects some unknown processing. Performing a manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2023-52060. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in gross up to 1.0.3. This affects an unknown part of the component grossd. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2023-52159. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Tenda AX1803 1.0.0.1 and classified as critical. Affected by this issue is the function formGetIptv. The manipulation of the argument stbpvid leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2023-51959. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability was found in Tenda AX1803 1.0.0.1. It has been rated as critical. Impacted is the function setIptvInfo. Performing a manipulation of the argument mode results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2023-51962. The attack must originate from the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Mitsubishi Electric CPU Module Logging Configuration Tool, CSGL, CW Configurator, Data Transfer, Data Transfer Classic, EZSocket, FR Configurator SW3, FR Configurator2, GENESIS64, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX Developer, GX LogViewer, GX Works2, GX Works3, iQ Works, MI Configurator, Numerical Control Device Communication Software, MR Configurator, MR Configurator2, MRZJW3-MC2-UTL, MX Component, MX OPC Server DA UA, PX Developer Monitor Tool, RT ToolBox3, RT VisualBox, Monitoring tools for the C Controller Module, SW0DNC-MNETH-B, SW1DNC-CCBD2-B, SW1DNC-CCIEF-J, SW1DNC-CCIEF-B, SW1DNC-MNETG-B, SW1DNC-QSCCF-B and SW1DND-EMSDK-B. This affects an unknown function. This manipulation causes improper privilege management. The identification of this vulnerability is CVE-2023-51776. The attack can only be executed locally. There is no exploit available.

A vulnerability has been found in Mitsubishi Electric CPU Module Logging Configuration Tool, CSGL, CW Configurator, Data Transfer, Data Transfer Classic, EZSocket, FR Configurator SW3, FR Configurator2, GENESIS64, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX Developer, GX LogViewer, GX Works2, GX Works3, iQ Works, MI Configurator, Numerical Control Device Communication Software, MR Configurator, MR Configurator2, MRZJW3-MC2-UTL, MX Component, MX OPC Server DA UA, PX Developer Monitor Tool, RT ToolBox3, RT VisualBox, Monitoring tools for the C Controller Module, SW0DNC-MNETH-B, SW1DNC-CCBD2-B, SW1DNC-CCIEF-J, SW1DNC-CCIEF-B, SW1DNC-MNETG-B, SW1DNC-QSCCF-B and SW1DND-EMSDK-B and classified as critical. Affected is an unknown function. Performing a manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2023-51778. The attack is only possible with local access. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Wind River VxWorks 22.09/23.03. The impacted element is an unknown function of the component OpenSSL Handler. Such manipulation leads to memory leak. This vulnerability is listed as CVE-2023-51787. The attack must be carried out from within the local network. There is no available exploit.

苹果今年或推三款「Ultra」高端新品 折叠屏 iPhone 领衔；消息称小米入局车载光伏

好的，用户让我帮忙总结一篇文章，控制在一百个字以内，而且不需要特定的开头。首先，我需要理解文章内容。看起来文章提到当前环境异常，需要完成验证才能继续访问，并且有一个“去验证”的按钮。 接下来，我要确定用户的需求。他们可能是在处理某个系统问题，遇到了环境异常的情况，需要快速了解解决方法。因此，总结时要突出关键点：环境异常、验证步骤和继续访问的条件。 然后，我要考虑如何简洁地表达这些信息。确保在一百个字以内，同时保持清晰明了。可能的结构是先说明问题，再指出解决方法和结果。 最后，检查是否有遗漏的信息或是否需要调整措辞以更准确传达内容。确保总结直接且符合用户的要求。 当前环境出现异常状态，需完成验证后才能继续访问。

A vulnerability has been found in EasyCMS up to 1.6 and classified as critical. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order leads to sql injection. This vulnerability is documented as CVE-2026-3785. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in EasyCMS up to 1.6 and classified as critical. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument _order results in sql injection. This vulnerability is reported as CVE-2026-3786. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2026-3699. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. This vulnerability is registered as CVE-2026-3700. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. This vulnerability is documented as CVE-2026-3701. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manipulation leads to command injection. This vulnerability is traded as CVE-2026-3704. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

A vulnerability marked as problematic has been reported in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. This vulnerability is reported as CVE-2026-3702. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as critical has been identified in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. This vulnerability appears as CVE-2026-3703. The attack may be performed from remote. In addition, an exploit is available. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.