| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2022-05-03 |
Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces.
49f6e50dad2f50c5f9bee5f1105d5092b826a6f5ba27d2193fc00498390e1373The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.
f2b44867a9d3fc671d927368e7311aaf4147f3f58be89622912f7a0f06ebb5ccDelta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cookie user password disclosure vulnerability.
c2881fbdfd83e5084b73c774d6a48d7ea8cc6074ddb613b6d320455618a8a3c0Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site scripting vulnerability.
041e8cd64bd7b2f293e27b87159e8111d1c2036b0e159bc4eccd5b8d7613ca58Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site request forgery vulnerability.
29cb721e83f960d667cf6c98532f19aade113ac4dead4421a2632694ec3913c0Verizon's 4G LTE Network Extender is utilizing a weak default admin password generation algorithm. The password is generated using the last 4 values from device's MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string LTEFemto resulting in something like LTEFemtoD080 as the default Admin password. Versions GA4.38 through 0.4.038.2131 are affected.
59ce4ad0a80db9115ae14b1ebb563c934a8d4e694bb93586a6f38b338e1ab98dICT Protege GX/WX version 2.08 suffers from a client-side SHA1 password hash disclosure vulnerability.
f203bc1b35e3b9d44818d0680ff7a367ed1eac4fa488fe060a5c8a1fec93d479ICT Protege GX/WX version 2.08 suffers from a persistent cross site scripting vulnerability.
0761967ed7f26d12def00046c1c81a51292379f6aee38f2875fd95654cb59e1aICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability.
692f4de735fbbad8010644968c54cdfe4e595dc3154860210526aa667a9f2e0cH3C SSL VPN suffers from a username enumeration vulnerability during the login sequence.
dfee4cf29211a5243ad88690480fda707d2c3e7a7d71e2ad687f07a80c49882eFetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.
39661448198dd708a96b67957a59b551619e612105aace960d22e309d08ca49dOpenBMCS version 2.4 suffers from a secret disclosure vulnerability.
a40e30c16f0d2888ff426295f31b93b41116fcc4eb79213fafc80f0a5c06510bOpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.
505b78cffe8b2f1b771d3702d316ef5c1753e49ac00b67466b0784a71a1ea915OpenBMCS version 2.4 create administrator proof of concept exploit that leverages a remote privilege escalation vulnerability.
dfa165d919105379e965f9f7c64bc72209b082357f408421bbd7348be571f7eaOpenBMCS version 2.4 suffers from an authenticated remote SQL injection vulnerability.
3aeb898ad8ef01997d5126cc60a9a27460e4a21f989924b572387e47ffec85ffOpenBMCS version 2.4 suffers from a cross site request forgery vulnerability.
49761c5a766632d48b5e2db091385ef7d796cdc174fb58a9f84c48a390e63d92meterN version 1.2.3 suffers from an authenticated remote command execution vulnerability.
d03478d19f799c6fe12536a7b5353c838ea40fb8825294f625cab67028553daaZucchetti Axess CLOKI Access Control version 1.64 suffers from a cross site request forgery vulnerability.
5ee851be27389c34fce6b6b8f31ca356b97517cee36216ebce3cf2a59bf0d6a4i3 International Annexxus Cameras Ax-n version 5.2.0 does not allow creation of more than one administrator account on the system. This also applies for deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE and improper server-side validation. Once a normal account with viewer or operator permissions has been added by the default admin user i3admin, a PUT request can be issued calling the UserPermission endpoint with the ID of created account and set it to admin userType, successfully adding a second administrative account.
3e641781592da07922dd7ee30daf5267b6d7f9b85ed06f3a2968275095a40591Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.
3c5b924eea85063a32d4abf12a102470e52fe008b637d8c375ec9d27c3e4f296Cypress Solutions CTM-200/CTM-ONE suffers from a hard-coded credential remote root vulnerability via telnet and ssh.
c6e807601e506777669f00a74526a7064066038cba2f8103bedd98cb559088c8FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.
6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4eFatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.
76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2bFatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.
c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786cFatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.
d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed