Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2SEH utnserver Pro/ProMAX and INU-100 version 20.1.22 suffers from cross site scripting, denial of service, and file disclosure vulnerabilities.
67806c2f4c3195737e32e0a53dfdc16ae12e9f9db70895d10ba1b259619c40f6ORing IAP-420 version 2.01e suffers from remote command injection and persistent cross site scripting vulnerabilities.
28abb60f6782915fe5d445adb98b15cb9953faaf9cc843956f9c44bd40922a89Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades.
e98dce221232e53adca554fe3cd6ed0d46d0caac22afced67ae352d9d304056cAdvantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.
c3a6cbea79ff546db8165bd3b5e329dfc66aec81cd06ea79d913dda8ae9f889bPhoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.
a587bb9bbd0a7bc6b304a09099ebed341f33e4b48fa43bcad73ec180522c55d2Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities.
156682e9b1ae64a09507acbd8e4e2825d7de53ca1c3540e8c214b7b38fbd68acThis Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.
fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381fMultiple versions of Korenix JetWave suffer from authenticated command injection and denial of service vulnerabilities.
855f389543c13d74be1ffa1c20556605349c2e7c25c9e761aad4692ec6b41a9dIntelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.
ed99477c42e93bd1a34f1bac91b2dd83464752e9e6c54a967155fd881bf63c70Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability.
52f6f8745199afbfc55428bee6dbae1fbbe91da63778b61a0ac8bf89593b7906Delta Electronics DX-2100-L1-CN version 1.5.0.10 suffers from command injection and cross site scripting vulnerabilities.
c011ce849673992de02ffa60ff745be7e4efb5d267d29dec7c008d33777fc8a8Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.
902fa02d042cb42bf90b944d2600703447b836b6f9b4d286e2b0bca32793a471Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability.
4849e99df805e1eb9050864513716a8f55def09fca9fc5b0dddcaa19077b0b61COVESA versions 2.18.8 and below suffer from heap buffer over-read and null pointer dereference vulnerabilities.
548515ca72e9a559204cae299150309e86e1f034ccca3a9cd876a5da99d81eb2Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.
811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36dbus-broker-29 suffers from multiple memory corruption vulnerabilities. dbus-broker-31 addresses these issues.
1688a18cca9d3b422b451318fd542b12535ebb6ef1eb8f23ae56ff707d1b4659Korenix JetPort 5601V3 with firmware version 1.0 suffers from having default backdoor accounts. The vendor will not address the issue as they claim the secret cannot be cracked in a reasonable amount of time.
3e2603282fec3712a00d6e06e97b774d59453da271d200dfc02c1517bb7fec06Siemens A8000 CP-8050/CP-8031 SICAM WEB suffers from denial of service and a missing authentication vulnerability that allows for file download.
7f0a0ec0c017ac5bb71670246359ab27291e0f6543e3a3b66f3b4ecf9cd874dcMultiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.
0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities.
5a25ab12344f226941a56dbd876e476339306b241e827b61d60cb9042131e4b4Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.
91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities.
04419f303d6024196a934d7a822a54ec4c5ef330f60bde124f5af5cb94703343Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.
2ab15e19675a05aaabcb76dc1553dadb6ceb96917b39bbdccdfbeaba3666a535Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities.
c88a68158caf9f8c370f593f1564b9bdfdae8e3ee99f70f86114b5c91c83c7b8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed