This Metasploit module exploits an authentication bypass vulnerability in DIR 645 < v1.03. With this vulnerability you are able to extract the password for remote management.
7fe8b8b74336f5dc7dd1fec74d9b8ce3315a1065aebd43f4c022aa9e9817bb7b
This Metasploit module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models.
86c53ad96211bee0a0215a95caed6678b01af806833286d61151eee772e71fa9
OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.
8c9dfd0cb0115429d6229b818d3e69f753cdd59dc26b6381a12ffcbf5264ccda
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.
a50ca06a0203967966d658916c7f43401c0a173e68ebcbb744f3d6d302b27721
OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.
37db7c5a2fc6b69ab0ef0c6553eac0fc38305a4d5fb988f3709bb90a9b37f70c
OS X 10.10 Bluetooth DispatchHCICreateConnection crash denial of service proof of concept exploit.
49e70f11df3e52d1bdada50e1eb32c2d0ece6ef26ace20e545b163ba8458f9c3
This proof of concept exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL() on Mac OS X Mavericks.
1dd3038cf5d241dc284516224174f72943e3ec4e439021ee7654973dc33df8a6
Techboard/Syac DigiEye 3G devices suffer from a backdoor access vulnerability.
33cc889ede70ca75a8c0e1208e6650725ce6572d34b522656e3ccc4be7b34240
This Metasploit module exploits a remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to authentication.cgi with long password values. The vulnerability can be exploited without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmware versions such as DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.
450e0c17e9ed8a5889f1222fd8943a072ac89cff24fdb5117836d675f119995d
This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to hedwig.cgi with long cookie values. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.
34fd8be52c6556ed2de772a2ee3aff9ac71be9f460f14eb17c88ae1909383dd4
Sitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.
1859ad139fce73986b747a807e4df86ff957af3afdcef4c65e307925c5dee454
Sitecom N300 and N600 devices suffer from multiple issues that allow for access bypass. These include an undocumented telnet service, weak WPA2 password generation, and hard-coded credentials.
99804c0b7e1c70777811daae7e8627c0958d447242528aba044f1060b71f0b4d
The Huawei B153 3G/UMTS router suffers from a WPS weakness that allows for authentication bypass.
e1b8d9adad2ae18e4390edb89b02911dcc7c522de998b02c605cb12990494dc5
D-Link DIR-645 devices suffer from buffer overflow and cross site scripting vulnerabilities.
6c293bd3da2a28b48d005775dfec0ff6ae18ffecedfc9f5d9fee044e1dacaee2
Multiple cameras suffer from having hardcoded backdoor accounts allowing for authentication bypass and code execution. Included are various 3S Vision, Asante Voyager, and ALinking cameras.
e5d05de9ba28af339c8a8385bfca41fad5e26d35ff3a6001d8630ba5675fcbbb
Netgear DGN1000 with firmware versions prior to 1.1.00.48 and Netgear DGN2200 version 1 suffer from authentication bypass and command execution vulnerabilities.
cc4a79d89c492b5de9ab547904883302b794d0b6e6cd1cf1d61806ddfe1a4660
The Huawei AR1220 SNMPv3 service suffers from multiple buffer overflow vulnerabilities. Proof of concept code included.
a2461e3befdfb50515c11ca9595e07480247ee2c8f41a08738dc3a72c2c19311
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms.
f2ecdb133a910caba3fe823da7e97c6b19b3cd08e31d2581b74733a09d7fc2c9
Netgear WNR1000 suffers from an authentication bypass vulnerability.
72c6cc5c8d4c418bcf9e4c0336a5047a0e2f2e3bb08d8d8efc6e07e63370d425
D-Link DIR-645 devices suffer from a direct access authentication bypass vulnerability.
dcf3e8cc9b88697715721a2cb01e45776ca2a0185c8282b483cd16f4d102e436
D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration.
c1329b50cb25791144375301f318deb9c2bb5c9ab4b24f003828a94666df0172
Various Huawei products use DES without any salt to encrypt passwords. Vulnerable products include the Huawei Quidway series and Huawei CX600.
586945a98792e4b79e4cdf79efe5861cf28ea94190070c0a2759e3c7de8f3a24
BigPond version 3G21WB suffers from hard-coded credentials and command injection vulnerabilities.
528d35dafb7e12c69511a3b7e37d3507bbea5187e3044ad1f0c8cccc97d468f2
Ezylog Photovoltaic Management Server suffers from remote SQL injection, broken session management, hard-coded credentials, and command injection vulnerabilities. The vendor has ignored the researcher.
c08de71fe982a59f6dfe14d76d8893338a491e1cf4c84021950bc3a71f354cac
This advisory expands on a previously known authentication bypass issue in D-Link ShareCenter products. It documents how the vulnerability can also be leveraged to execute arbitrary commands.
4a7f66cacd9969a9c8db74887be83cbc3943cb63c95b99147923056026257454