what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files from T. Weber

First Active2016-11-14
Last Active2024-01-15
Korenix JetNet Series Unauthenticated Access
Posted Jan 15, 2024
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades.

tags | exploit
advisories | CVE-2023-5347, CVE-2023-5376
SHA-256 | e98dce221232e53adca554fe3cd6ed0d46d0caac22afced67ae352d9d304056c
Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting
Posted Aug 14, 2023
Authored by T. Weber, A. Resanovic, T. Etzenberger, M. Bineder, R. Haas | Site cyberdanube.com

Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-4202, CVE-2023-4203
SHA-256 | c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889b
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
Posted Aug 14, 2023
Authored by T. Weber, S. Stockinger, A. Resanovic, T. Etzenberger | Site cyberdanube.com

Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
advisories | CVE-2023-3526, CVE-2023-3569
SHA-256 | a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2
Advantech EKI-15XX Series Command Injection / Buffer Overflow
Posted May 12, 2023
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2023-2573, CVE-2023-2574, CVE-2023-2575
SHA-256 | 156682e9b1ae64a09507acbd8e4e2825d7de53ca1c3540e8c214b7b38fbd68ac
Zyxel Unauthenticated LAN Remote Code Execution
Posted Mar 22, 2023
Authored by Stefan Viehboeck, T. Weber, Gerhard Hechenberger, Steffen Robertz | Site metasploit.com

This Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.

tags | exploit, overflow, root, code execution
SHA-256 | fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381f
Korenix JetWave Command Injection / Denial Of Service
Posted Feb 15, 2023
Authored by T. Weber, S. Dietz | Site cyberdanube.com

Multiple versions of Korenix JetWave suffer from authenticated command injection and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
SHA-256 | 855f389543c13d74be1ffa1c20556605349c2e7c25c9e761aad4692ec6b41a9d
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
Posted Dec 14, 2022
Authored by T. Weber | Site cyberdanube.com

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

tags | exploit
advisories | CVE-2022-40005
SHA-256 | ed99477c42e93bd1a34f1bac91b2dd83464752e9e6c54a967155fd881bf63c70
Delta Electronics DVW-W02W2-E2 2.42 Command Injection
Posted Dec 9, 2022
Authored by T. Weber | Site cyberdanube.com

Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability.

tags | exploit
SHA-256 | 52f6f8745199afbfc55428bee6dbae1fbbe91da63778b61a0ac8bf89593b7906
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
Posted Dec 9, 2022
Authored by T. Weber | Site cyberdanube.com

Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c011ce849673992de02ffa60ff745be7e4efb5d267d29dec7c008d33777fc8a8
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
Posted Nov 30, 2022
Authored by T. Weber | Site cyberdanube.com

Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.

tags | exploit, remote
advisories | CVE-2022-40282
SHA-256 | 902fa02d042cb42bf90b944d2600703447b836b6f9b4d286e2b0bca32793a471
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
Posted Oct 14, 2022
Authored by T. Weber | Site cyberdanube.com

Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.

tags | exploit
SHA-256 | 4849e99df805e1eb9050864513716a8f55def09fca9fc5b0dddcaa19077b0b61
COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
Posted Sep 27, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz, T. Longin | Site sec-consult.com

COVESA versions 2.18.8 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2022-39836, CVE-2022-39837
SHA-256 | 548515ca72e9a559204cae299150309e86e1f034ccca3a9cd876a5da99d81eb2
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Posted Jun 20, 2022
Authored by T. Weber | Site sec-consult.com

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.

tags | exploit
advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985
SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
dbus-broker-29 Memory Corruption
Posted Jun 6, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz, T. Longin | Site sec-consult.com

dbus-broker-29 suffers from multiple memory corruption vulnerabilities. dbus-broker-31 addresses these issues.

tags | exploit, vulnerability
advisories | CVE-2022-31212, CVE-2022-31213
SHA-256 | 1688a18cca9d3b422b451318fd542b12535ebb6ef1eb8f23ae56ff707d1b4659
Korenix JetPort 5601V3 Backdoor Account
Posted Jun 6, 2022
Authored by T. Weber | Site sec-consult.com

Korenix JetPort 5601V3 with firmware version 1.0 suffers from having default backdoor accounts. The vendor will not address the issue as they claim the secret cannot be cracked in a reasonable amount of time.

tags | exploit
advisories | CVE-2020-12501
SHA-256 | 3e2603282fec3712a00d6e06e97b774d59453da271d200dfc02c1517bb7fec06
Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
Posted Apr 15, 2022
Authored by T. Weber, Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

Siemens A8000 CP-8050/CP-8031 SICAM WEB suffers from denial of service and a missing authentication vulnerability that allows for file download.

tags | exploit, web, denial of service
advisories | CVE-2021-45034, CVE-2022-27480
SHA-256 | 7f0a0ec0c017ac5bb71670246359ab27291e0f6543e3a3b66f3b4ecf9cd874dc
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
Posted Feb 17, 2022
Authored by Stefan Viehboeck, T. Weber, Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com

Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, overflow, local, vulnerability, xss, csrf
SHA-256 | 0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2
Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
Posted Feb 4, 2022
Authored by T. Weber | Site sec-consult.com

Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504, CVE-2021-39280
SHA-256 | 5a25ab12344f226941a56dbd876e476339306b241e827b61d60cb9042131e4b4
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
Posted Sep 1, 2021
Authored by T. Weber | Site sec-consult.com

Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1914, CVE-2013-7423, CVE-2015-0235, CVE-2015-7547, CVE-2016-1234, CVE-2021-39278, CVE-2021-39279
SHA-256 | 91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
Posted Aug 19, 2021
Authored by T. Weber, Daniel Teuchert | Site sec-consult.com

Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2021-39243
SHA-256 | 04419f303d6024196a934d7a822a54ec4c5ef330f60bde124f5af5cb94703343
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
Posted Jun 1, 2021
Authored by T. Weber | Site sec-consult.com

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

tags | exploit, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
SHA-256 | 2ab15e19675a05aaabcb76dc1553dadb6ceb96917b39bbdccdfbeaba3666a535
Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection
Posted Jan 13, 2021
Authored by T. Weber | Site sec-consult.com

Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
advisories | CVE-2020-12511, CVE-2020-12512, CVE-2020-12513, CVE-2020-12514
SHA-256 | c88a68158caf9f8c370f593f1564b9bdfdae8e3ee99f70f86114b5c91c83c7b8
ZTE MF253V 1.0.0B04 XSS / CSRF / Hardcoded Password
Posted Nov 24, 2020
Authored by T. Weber, Steffen Robertz | Site sec-consult.com

ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 2ad4c83e851b5a6d905cd41028173a338d0361610fcbc55e00ab71b116573c19
RocketLinx Series Authentication Bypass / CSRF / Command Injection
Posted Oct 5, 2020
Authored by T. Weber | Site sec-consult.com

RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated tftp action vulnerabilities. Multiple versions are affected.

tags | advisory, vulnerability, csrf
advisories | CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
SHA-256 | 8442cf2977502cf345c9cdeea5392c4f9553884f014a51ece6c87fa179154e17
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
Posted Sep 3, 2020
Authored by T. Weber | Site sec-consult.com

Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.

tags | exploit, shell, vulnerability, xss, csrf
advisories | CVE-2020-16204, CVE-2020-16206, CVE-2020-16208, CVE-2020-16210
SHA-256 | e25651886495730ba652afb5121baaf7e7f37336a3e296f81df774de5fa1a7b8
Page 1 of 3
Back123Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close