Vectra Labs vulnerability research

Disclosed vulnerabilities

Vectra Labs operates a coordinated vulnerability disclosure program. The vulnerabilities listed below were discovered by our researchers and responsibly disclosed to the affected vendor before public release.

Severity: High

LAN-side unauthenticated remote code execution in D-Link DIR-822 routers via stack-based buffer overflow in HNAP

D-Link · DIR-822

A stack-based buffer overflow in the HNAP service of D-Link DIR-822 routers permits an unauthenticated attacker on the local network to achieve remote code execution as root. Discovered during opportunistic SOHO router research and reported to the vendor under coordinated disclosure.

CVE: TBC
CVSS: TBC

Severity: High

Out-of-bounds write in Avast Antivirus sandbox driver (aswSnx.sys) due to time-of-check time-of-use race condition

Avast / Gen Digital · aswSnx.sys

A TOCTOU race condition in the Avast Antivirus sandbox kernel driver (aswSnx.sys) leads to an out-of-bounds write, allowing local privilege escalation. Reported to Avast and remediated under coordinated disclosure.

CVE: CVE-2023-5760
CVSS: 8.2

Vectra Labs follows coordinated vulnerability disclosure practice. Vendors are notified privately, given a remediation window, and only then is the issue published here. To report a vulnerability you have discovered in Vectra products or infrastructure, see our vulnerability disclosure program.
