| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2018-10-17 |
TP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure.
e029e95c170246483700a76a5b7644d8The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and unauthorized live RTSP video stream access.
c9e086de25a24942ecb2ff6455cc9e3aThe FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.
1713c8fd894c04a7b7bca5abd747a8a4FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access.
33ffa851ac663c1ab4b0b5c38033d8e6The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via absolute path.
acdaa748301edd2bc81cd2080da980c7The FLIR AX8 thermal sensor camera version 1.32.16 suffers an unauthenticated and unauthorized live RTSP video stream access.
12f0bc57b7afd9426d7045450ba3c350The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution.
d06114bdae6c5e38a699adb6567a8ba2FLIR Systems FLIR thermal traffic cameras suffers from a websocket device manipulation vulnerability.
1758b25f8d73cbe768557470cb4ec024FLIR Systems FLIR thermal traffic cameras suffer from an RTSP stream disclosure vulnerability.
500bbb1808ed3b7c4e433fc3334c1985NovaRad NovaPACS Diagnostics Viewer version 8.5 suffers from an XML external entity injection vulnerability that allows for file disclosure.
e85d4489d58f26bca437667c877df4a6Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added 'ping' command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.
3679d738983dec17aa3243aa408c3212Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an open redirection vulnerability. Many versions are affected.
afbbf88e9876ec95b9eb0b84ade6d536Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in '/etc/m_cli/' can be downloaded by an authenticated attacker in certain circumstances. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access. Many versions are affected.
e8955597bdd0224a62bfdb870b980cf0Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an issue where due to the hidden and undocumented File Editor (Filesystem Browser) shell script 'system-editor.sh' an attacker can leverage this issue to read, modify or delete arbitrary files on the system. Input passed thru the 'path' and 'savefile', 'edit' and 'delfile' GET and POST parameters is not properly sanitized before being used to modify files. This can be exploited by an authenticated attacker to read or modify arbitrary files on the affected system. Many versions are affected.
c7aa24d69a51dbc46e0636cc8eb7baaeMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have undocumented and hidden features present via the web management interface. These features allow an authenticated attacker to take full control of the device and/or modify internal OS settings, read arbitrary files or even render the device unusable. Many versions are affected.
4a92f4d86bb220e897be6dc5df1fa026Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have an undocumented and hidden feature that allows an authenticated attacker to list running processes in the operating system and send arbitrary signals to kill any process running in the background including starting and stopping system services. This impacts availability and can be triggered also by CSRF attacks that requires device restart and/or factory reset to rollback malicious changes. Many versions are affected.
c7e76548cf7a9abfd546cfa5d7af587eMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from multiple authenticated arbitrary remote code execution vulnerabilities with highest privileges. This is due to multiple hidden and undocumented features within the admin interface that allows an attacker to create crontab jobs and/or modify the system startup script that allows execution of arbitrary code as root user. Many versions are affected.
21e4fe6dfbdca8fc7b0eeebde7b04dd1Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems utilize hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the gateway. Another vulnerability could allow an authenticated attacker to gain root access. The vulnerability is due to default credentials. An attacker could exploit this vulnerability by logging in using the default credentials. Many versions are affected.
4e3004d8f3c50bedebecb9cbb12651ffMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems allow users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Many versions are affected.
1c9d0c91aa832d5b885abfebe7855448Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.
4335daff61aee85b79cf9f7773893b4cEcessa ShieldLink SL175EHQ version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.
8a8c1de2a67b10c2994223ebb10d07b6Ecessa WANWorx WVR-30 version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.
f9ae008e6a2e97e05d2523eb4a0e7f95Ecessa Edge EV150 version 10.7.4 suffers from an add superuser cross site request forgery vulnerability.
32235352c43c1764ff3761997d4f28ebRockwell Automation RSLinx Classic and FactoryTalk Linx Gateway suffer from a privilege escalation vulnerability. Rockwell Automation RSLinx Classic versions 3.90.01, 3.73.00, 3.72.00, and 2.58.00 are susceptible. Rockwell Automation FactoryTalk Linx Gateway version 3.90.00 is susceptible.
59c9bf7a610c8becf0674a228bcebf7bGNU Barcode version 0.99 suffers from a memory leak vulnerability.
d0eee2c339964fbd4ec3ae2aaa49f342
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed