| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2021-11-02 |
i3 International Annexxus Cameras Ax-n version 5.2.0 does not allow creation of more than one administrator account on the system. This also applies for deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE and improper server-side validation. Once a normal account with viewer or operator permissions has been added by the default admin user i3admin, a PUT request can be issued calling the UserPermission endpoint with the ID of created account and set it to admin userType, successfully adding a second administrative account.
eafb74027eb4cf01b77d7062a478cdb1Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.
5443c1ca578d802c9f7cf55428781490Cypress Solutions CTM-200/CTM-ONE suffers from a hard-coded credential remote root vulnerability via telnet and ssh.
4dc0da6ff777de3e071d0c7c9de1dabaFatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.
55a8a0546a607614640ebbecb5a328b5FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.
721e7699e457e1b541391eb73901ef17FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.
da8637d64e3f521a27e2cda56950dc36FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.
6ccac54a795446dd5b9905280e95e65dThe application interface FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
ebc740be2b0dc7aea958ed27ca4a91bfCOMMAX CVD-Axx DVR version 5.1.4 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and used to disclose the RTSP stream.
0313e6536d17a0ea4f5f7b0302aee78bCOMMAX Smart Home Ruvie CCTV Bridge DVR Service suffers from unauthenticated configuration writing and denial of service vulnerabilities.
33cb8b029963ff91bd33a5ce0566a7a6COMMAX Smart Home Ruvie CCTV Bridge suffers from a credential disclosure vulnerability.
0d5d3a5130f6133e1e168518382d87aaCOMMAX UMS Client ActiveX Control version 1.7.0.2 suffers from a heap buffer overflow vulnerability.
bdfacbe95822d7a922e557839d7caedfCOMMAX WebViewer ActiveX Control version 2.1.4.5 suffers from a buffer overflow vulnerability.
7cda77f5ebe6338698bf2d78e0a14d04COMMAX Smart Home IoT Control System CDP-1020n suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5566bcf92f20e034df8e647a0947dd43COMMAX Biometric Access Control System version 1.0.0 suffers from a authentication bypass vulnerability.
30872997d53a89ccd87660764948a6b3COMMAX Biometric Access Control System version 1.0.0 suffers from a cross site scripting vulnerability.
7bf5f2cdb78f902a98c85a7c700aacd6Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privileges if a logged-in user visits a malicious web site.
144372220bfafa4d89dbf4f8e47b37dfLongjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
6a5637ce7d7f32fbc3a3c1f0931505e7IntelliChoice eFORCE Software Suite version 2.5.9 allows for username enumeration.
3dbce8c7f3ef261ca1360be805297f27KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
4bc3f448faf6a5df2c5354ab9084063bKevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.
3498bc654a493cbf9b46522829eb067cKevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
a9e653ecb20d44dc4da9b97ffbe54252Ricon Industrial Cellular Router S9922XL suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the ping_server_ip POST parameter. It is also vulnerable to Heartbleed.
23fc8665a81e1f9a6166b3c13847b608Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability.
20d43a191de2ac386670c70f501ff4baEpic Games Rocket League version 1.95 suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the processing of a UPK format file, which can be exploited to cause a stack buffer overflow when a user crafts the file with a large array of bytes inserted in the vicinity offset after the magic header. Successful exploitation could allow execution of arbitrary code on the affected machine.
ba2e463a8ce18d40968287a8781e6309
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed