Description
Hello,
Summary:
If you use Oxwall <= 1.8.7 (Build 11111) or Motoshub <= 2 (Build 11030), you need to update your server.
For premium users, both Oxwall and Motoshub have updated their customers, but if you use the free version, please update your server manually.
Please take this issue seriously. Some of these vulnerabilities are Pre-Auth RCE (Severity: Critical), which allows an unauthenticated attacker to compromise your server.
Unfortunately, "https://shub.ir" has been down for more than one month. When I informed them about "Write-up", they told me their hard disk was broken. They have updated their premium users, but no update was available for free users.
I prepared an update for free users. I'm not the maintainer of Motoshub; I just provided an update because they don't want to update free users.
If you have any questions, please let me know, and I will answer you as soon as possible.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes + The reason I did the research) will be published on my Blog after 30 (or 60) days.
So please update! Thank you!
Manual update:
Oxwall
Motoshub
CVE-2021-36593, CVE-2021-36594, CVE-2021-36596, CVE-2021-36597, CVE-2021-36598, CVE-2021-36599, CVE-2022-25128, CVE-2022-25129