Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups

10-Jun-22

Syslogk can force-load its modules into the Linux kernel (versions 3.x are supported), disguise folders and network activity, and finally load the ‘Rekoobe’ backdoor.

Both issues, a command injection in grel.php and a command injection in hw view.php, could allow an attacker to gain remote code execution without authentication or authorization on the device. Read More…