ver. 1.1.0 rev. 1225 - 2021-11-16
Changed
- Move “Scan history” to a separate fragment
- Unlock screen orientation
- Simplify FAB set
- Update dependencies
- Change the appearance of alerts
- Meet the targetSdk requirement
Added
- Multiple vulnerabilities in DAP-2020 H/W rev. Ax with F/W v1.01 and below
- Identity authentication bypass vulnerability found in some Dahua products
Fixed
- Billing issue fixed
- RTPS MediaPlayer release resources on reuse
ver. 1.0.4 rev. 1073 - 2021-10-15
Added
- Stack Buffer Overflow in QNAP Surveillance Station
- RCE vulnerability via a malformed user agent field in HTTP headers
- HTTP path traversal test
- Detect “Hubble Connected” devices
Fixed
- Bad Wi-Fi signal does not mean no Internet access
ver. 1.0.3 rev. 1062 - 2021-08-29
Fixed
- Minor bug fix
ver. 1.0.3 rev. 1061 - 2021-08-28
Added
- Network host naming
- Cisco HW detection by SNMP
- Critical UPnP Service Flaw on Cisco Small Business RV Series Routers
- Port scan history
Fixed
- SNMP plugin
ver. 1.0.2 rev. 1034 - 2021-08-06
Added
- Reverse DNS via Multicast DNS
Changed
- Performance optimization
Fixed
- Bug report file attachment issue fixed
- IndexOutOfBound crash fixed
ver. 1.0.1 rev. 1007 - 2021-07-15
Added
- CVE-2021-31802 NETGEAR Nighthawk R7000 httpd PreAuth RCE
Fixed
- MAC address discovery issue fixed
ver. 1.0.0 rev. 1001 - 2021-07-06
Added
- CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability aka PrintNightmare
ver. 1.0.0 rev. 997 - 2021-07-01
Added
- CVE-2020-35785 Multiple HTTP authentication vulnerabilities on DGN2200v1
- CVE-2018-18472 WD My Book Live RCE via shell metacharacters in language_configuration API endpoint
- CVE-2021-35941 WD My Book Live has an administrator API that can perform a system factory restore without authentication
ver. 1.0.0 rev. 992 - 2021-06-15
Added
- CVE-2014-9222 aka “Misfortune Cookie”
- CVE-2014-4019 the rom-0 backup file
- CVE-2014-9583 unauthenticated command execution vulnerability in ASUS “infosrv” UDP service
- Linksys E-Series unauthenticated OS command injection
- DBL (Domain Name System Blacklists) enlisting
- CVE-2020-12695 SSRF-like vulnerability a.k.a. CallStranger
- Check if DNS server IP address and the network public IP address belong to the same GEO and/or ISP
- CVE-2017-0144 SMB server allows remote attackers to execute arbitrary code via crafted packets
- MikroTik RouterOS contains a remote code execution vulnerability aka “Chimay Red”
- CVE-2017-5135 SNMP authentication bypass (aka StringBleed)
- CVE-2019-7192, CVE-2019-7194, CVE-2019-7195 A local file inclusion vulnerability that allows an unauthenticated attacker to download files from the QNAP filesystem
- CVE-2020-11117 An exploitable command execution vulnerability in the lbd service functionality of Qualcomm
- An unauthenticated PHP code injection in Seagate NAS products
- CVE-2020-27403 A vulnerability in the TCL Android Smart TV series by TCL Technology Group Corporation
- CVE-2020-10882 An unauthenticated network-adjacent RCE by abusing the tldServer daemon
- CVE-2020-28184 XSS in TerraMaster TOS <= 4.2.06
- CVE-2020-28185 User enumeration in TerraMaster TOS <= 4.2.06
- CVE-2020-28186 Email injection in TerraMaster TOS <= 4.2.06
- CVE-2020-28187 Directory traversal in TerraMaster TOS <= 4.2.06
- CVE-2020-28188 Unauthenticated remote command execution in TerraMaster TOS <= 4.2.06
- CVE-2020-28189 Incorrect access control in TerraMaster TOS <= 4.2.06
- CVE-2020-28190 Software update via insecure communication channel in TerraMaster TOS <= 4.2.06
- Netgear httpd upgrade_check.cgi stack buffer overflow
- TCP port scanner tool
- RTSP audit tool
- HiBP integration
- Shodan integration
Changed
- Completely new UI and UX
Removed
- All the boring stuff
Fixed
- UI and UX