Home of Pierre



Contact: pierre.kim.sec@gmail.com (GPG key) note: I don't answer to unencrypted GPG emails.
All my emails are sent encrypted and signed by the following key: GPG key.

Twitter: @PierreKimSec

Blog 2.0 - A slice of Kimchi - IT Security Tales
Security Advisories
Misc

Recent IT security research

Date Title
2024-11-01 00:00:00 32 vulnerabilities in IBM Security Verify Access
CVE-2022-2068, CVE-2023-30997, CVE-2023-30998, CVE-2023-31001, CVE-2023-31004, CVE-2023-31005, CVE-2023-31006, CVE-2023-32328, CVE-2023-32329, CVE-2023-32330, CVE-2023-38267, CVE-2023-38267, CVE-2023-38368, CVE-2023-38369, CVE-2023-38370, CVE-2023-43017, CVE-2024-25027, CVE-2024-35137, CVE-2024-35139, CVE-2024-35140, CVE-2024-35141, CVE-2024-35142
2024-11-01 00:00:00 4 vulnerabilities in ibmsecurity
CVE-2024-31871, CVE-2024-31872, CVE-2024-31873, CVE-2024-31874
2024-06-27 00:00:00 40 vulnerabilities in Toshiba Multi-Function Printers
CVE-2024-27141, CVE-2024-27142, CVE-2024-27143, CVE-2024-27144, CVE-2024-27145, CVE-2024-27146, CVE-2024-27147, CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27154, CVE-2024-27155, CVE-2024-27156, CVE-2024-27157, CVE-2024-27158, CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27162, CVE-2024-27163, CVE-2024-27164, CVE-2024-27165, CVE-2024-27166, CVE-2024-27167, CVE-2024-27168, CVE-2024-27169, CVE-2024-27170, CVE-2024-27171, CVE-2024-27172, CVE-2024-27173, CVE-2024-27174, CVE-2024-27175, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178, CVE-2024-27179, CVE-2024-27180
2024-06-27 00:00:00 17 vulnerabilities in Sharp Multi-Function Printers
CVE-2024-28038, CVE-2024-36251, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33610, CVE-2024-35244, CVE-2024-33616, CVE-2024-34162, CVE-2024-36248
2024-04-24 00:00:00 18 vulnerabilities in Brocade SANnav
CVE-2024-2859, CVE-2024-4159, CVE-2024-4161, CVE-2024-4173, CVE-2024-29960, CVE-2024-29961, CVE-2024-29962, CVE-2024-29963, CVE-2024-29964, CVE-2024-29965, CVE-2024-29966, CVE-2024-29967
2022-08-24 00:00:00 2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications - Binary Golf Grand Prix 3 - CVE-2022-39028
2021-07-19 00:00:00 Multiple vulnerabilities in Dell OpenManage Enterprise - CVE-2021-21596
2021-02-23 00:00:00 Yealink DM Pre Auth 'root' level RCE [disclosure with SSD]- CVE-2021-27561 - CVE-2021-27562
2021-01-12 00:00:00 Multiple vulnerabilities found in FiberHome HG6245D routers
CVE-2021-27139 - CVE-2021-27140 - CVE-2021-27141 - CVE-2021-27142 - CVE-2021-27143 - CVE-2021-27144 - CVE-2021-27145 - CVE-2021-27146 - CVE-2021-27147 - CVE-2021-27148 - CVE-2021-27149 - CVE-2021-27150 - CVE-2021-27151 - CVE-2021-27152 - CVE-2021-27153 - CVE-2021-27154 - CVE-2021-27155 - CVE-2021-27156 - CVE-2021-27157 - CVE-2021-27158 - CVE-2021-27159 - CVE-2021-27160 - CVE-2021-27161 - CVE-2021-27162 - CVE-2021-27163 - CVE-2021-27164 - CVE-2021-27165 - CVE-2021-27166 - CVE-2021-27167 - CVE-2021-27168 - CVE-2021-27169 - CVE-2021-27170 - CVE-2021-27171 - CVE-2021-27172 - CVE-2021-27173 - CVE-2021-27174 - CVE-2021-27175 - CVE-2021-27176 - CVE-2021-27177 - CVE-2021-27178 - CVE-2021-27179
2020-07-07 00:00:00 Multiple vulnerabilities found in CDATA OLTs
CVE-2020-29054 - CVE-2020-29055 - CVE-2020-29056 - CVE-2020-29057 - CVE-2020-29058 - CVE-2020-29059 - CVE-2020-29060 - CVE-2020-29061 - CVE-2020-29062 - CVE-2020-29063
2020-03-09 00:00:00 Multiple vulnerabilities found in Zyxel CNM SecuManager
CVE-2020-15312 - CVE-2020-15313 - CVE-2020-15314 - CVE-2020-15315 - CVE-2020-15316 - CVE-2020-15317 - CVE-2020-15318 - CVE-2020-15319 - CVE-2020-15320 - CVE-2020-15321 - CVE-2020-15322 - CVE-2020-15323 - CVE-2020-15324 - CVE-2020-15325 - CVE-2020-15326 - CVE-2020-15327 - CVE-2020-15328 - CVE-2020-15329 - CVE-2020-15330 - CVE-2020-15331 - CVE-2020-15332 - CVE-2020-15333 - CVE-2020-15334 - CVE-2020-15335 - CVE-2020-15336 - CVE-2020-15337 - CVE-2020-15338 - CVE-2020-15339 - CVE-2020-15340 - CVE-2020-15341 - CVE-2020-15342 - CVE-2020-15343 - CVE-2020-15344 - CVE-2020-15345 - CVE-2020-15346 - CVE-2020-15347 - CVE-2020-15348
2017-09-21 00:00:00 Update - Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
Patches Analysis
2017-09-08 00:00:00 Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
CVE-2017-14413 - CVE-2017-14414 - CVE-2017-14415 - CVE-2017-14416 - CVE-2017-14417 - CVE-2017-14418 - CVE-2017-14419 - CVE-2017-14420 - CVE-2017-14421 - CVE-2017-14422 - CVE-2017-14423 - CVE-2017-14424 - CVE-2017-14425 - CVE-2017-14426 - CVE-2017-14427 - CVE-2017-14428 - CVE-2017-14429 - CVE-2017-14430
2017-09-07 00:00:00 Zer0con slides - Owning embedded devices and network protocols - Zer0con website
2017-09-06 00:00:00 OFF-BLOG: WiseGiga NAS Multiple Vulnerabilities (LFI, RFI, RCE as root, RCE as root with CRSF)
2017-03-08 00:00:00 CVE-2017-8221 - CVE-2017-8222 - CVE-2017-8223 - CVE-2017-8224 - CVE-2017-8225 - Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
2017-02-09 00:00:00 CVE-2017-8217 - CVE-2017-8218 - CVE-2017-8219 - CVE-2017-8220 - TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules
2017-02-07 00:00:00 CVE-2017-5850 - Remote DoS against OpenBSD http server (up to 6.0)
2017-02-02 00:00:00 Update - Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) - Analysis of the corrected firmware
2016-11-01 00:00:00 GPON FTTH networks (in)security
2016-10-17 00:00:00 Studying the Internet Censorship in South Korea
2016-09-28 00:00:00 Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...) [CVE-2016-10177] [CVE-2016-10178] [CVE-2016-10179] [CVE-2016-10180] [CVE-2016-10181] [CVE-2016-10182] [CVE-2016-10183] [CVE-2016-10184] [CVE-2016-10185] [CVE-2016-10186]
2016-04-14 00:00:00 Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS ...)
2016-02-16 00:00:00 Why I stopped using StartSSL (Hint: it involves a Chinese company)
2016-01-15 00:00:00 CVE-2015-5677 - FreeBSD bsnmpd information disclosure
2016-01-05 00:00:00 Ganeti Security Advisory (DoS, Unauthenticated Info Leak) - [CVE-2015-7944], [CVE-2015-7945]
2015-12-01 00:00:00 Huawei Wimax routers vulnerable to multiple threats - [Huawei Security Notice]
2015-11-12 00:00:00 OpenBSD package 'net-snmp' information disclosure - [CVE-2015-8100]
2015-10-07 00:00:00 A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE - [Huawei Security Notice]
2015-08-13 00:00:00 TOTOLINK Update - How to NOT handle security issues
2015-08-10 00:00:00 Watching SBS and KBS in a remote country
2015-07-27 00:00:00 Updated - 172 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request
2015-07-22 01:00:00 Why Full Disclosure is the solution ? An example with RIPE
2015-07-22 00:00:00 Using Linux (Debian 8) on a LG 13ZD950
2015-07-16 00:00:00 Backdoor and RCE found in 8 TOTOLINK router models
CVE-2015-9550 - CVE-2015-9551
2015-07-16 00:00:00 Backdoor credentials found in 4 TOTOLINK router models
2015-07-16 00:00:00 4 TOTOLINK router models vulnerable to CSRF and XSS attacks
2015-07-16 00:00:00 15 TOTOLINK router models vulnerable to multiple RCEs
2015-07-06 00:00:00 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request - [CNNVD-201507-182]
2015-07-03 00:00:00 ipTIME n104r3 vulnerable to CSRF and XSS attacks - [CNNVD-201507-186]
2015-07-01 00:00:00 Exploit Code for ipTIME firmwares < 9.58 RCE with root privileges against 127 router models - [CNNVD-201505-386]
2015-06-23 00:00:00 Small monitoring system using Freemobile
2015-06-09 00:00:00 Recovering Windows on a "Windows-free" LG laptop
2015-05-04 00:00:00 ERRATA - 127 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges
2015-04-20 00:00:00 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges - [CNNVD-201505-386]
2015-04-08 00:00:00 CVE-2015-1415 - FreeBSD 10.x ZFS encryption.key disclosure
2015-04-07 00:00:00 Annyeong haseyo!