Avtech IP cameras, NVRs, and DVRs suffer from bypass, cross site request forgery, command injection, information disclosure, and many other vulnerabilities.
399d48068b915f13ed98e6fe0ab90e57c85ffe1dd876027e0a871bcf5fae97b9UPC Hungary devices have the same administrative password for all devices, send it insecurely over the wire, and also use telnetd by default.
9e0e33c17bc41fa8dc76d5a50ef735e96f09bdd73c9fadc26ee098ec11b32761The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.
7a2e8ac2ef48f60614987fa552f45f98556917682e70c63df7742e5ad41f458aThe Hitron CGNV4 modem / router suffers session management, cross site request forgery, and command injection vulnerabilities.
2a15eddd92ab306aaaee355eb8bf20ff26a53b441933d2dec2f3ce8192f1593aThe Compal CH7465LG-LC suffers session management, denial of service, unauthenticated configuration changes, and command injection vulnerabilities. Proof of concept included.
5d06e5b58ccc73b68e5bffdbf0373df8bb1bc1f24567e7cae58f2a5c6f1b02e6The default SSID and passphrase on the Cisco EPC3925 are derived from the MAC address and the DOCSIS serial number. Since the MAC address of the device is broadcasted via WiFi and the typical serial number is within the range 200.000.000 and 260.000.000, the default password can be brute-forced within minutes. Proof of concept included.
6072b1ec30864428a22619448d2693155647c1a284a3e7a6e034187b98d0048eLG NAS N1A1 version 10119 suffers from insecure direct object reference, SQL injection, directory traversal, arbitrary file upload/download, and sensitive information disclosure vulnerabilities. Full proof of concept exploit included.
139d5541d3893fafb2b210fa4aee32b765e26956f437ba541403c289104e42e5SEARCH-LAB performed an independent security assessment on four different D-Link devices. The assessment has identified altogether 53 unique vulnerabilities in the latest firmware (dated 30-07-2014). Several vulnerabilities can be abused by a remote attacker to execute arbitrary code and gain full control over the devices.
1171f7b6ef3b9988b436da7e93b267aab8de442398c22cf0acfa717cbfa2ab37PuTTY versions 0.62 and below suffer from an SSH handshake heap overflow vulnerability.
e29077b43031296e74b1211a81e961e5d6dfe9cf8695d7e7b120536e82fc21a0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed