| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2023-05-15 |
Screen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
e3416b7b51b13c8a02e0377d294d6b4b558ba2a448f681c4ee83ec0d4a9214dfScreen SFT DAB 600/C suffers from a weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is binded to the Session ID, one needs to await for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
0775eb59979d4285d81f3e446995dfddd17a03e6b3fb4d0066b5e60a4d94b27aScreen SFT DAB 600/C exploit that circumvents the control and requirement of the admin's old password and directly changes the password.
dfcbdbbd5c02702d5532b7a0e38376e5c9b13dc8b11dcbb24c7816464b0a1048Screen SFT DAB 600/C suffers from a weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is binded to the Session ID, one needs to await for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
e5293775a6d798d227c2626e73ff3e846471a825452ef4ce910c61e4724d48d2Screen SFT DAB 600/C suffers from a weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is binded to the Session ID, one needs to await for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
2848c1fbf6cfd49fdb794989936933fa8921c22fc36b62a88a8e30d1da63c3aaScreen SFT DAB 600/C suffers from a weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is binded to the Session ID, one needs to await for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
1734aa4dedbdbfbce8e975323fff3ec40c7fd2ae37818906ff3811eabf272f54Sielco PolyEco Digital FM Transmitter version 2.0.6 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.
4b06b64589263878904bbae281d9bc23f194bb5f895a3a50d9058978920f6a0eSielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
8f1daeafa0b883f3bc1384e9d0ca0360450ece2b79076365d95798b698667cd0Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.
1779dd48b3ba2fb604c2b3fe1410c7bc803e1f964aaa62ab3b478868956ced70Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.
267418fd80ab371b230bbaa9fdec8767c24efde298174b16aca5925e335bcb57Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a radio data system POST manipulation vulnerability.
e4b2d7df23ae1d7324dc922c11ba13e061cf42b3b6e86c38b42666eb035ea0d7Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authorization bypass vulnerability.
914581db2916f5747f0db33acd0f545ea153e562c456cbc46171baf8c4bada5dSielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authentication bypass vulnerability.
04fe7d8ff6572fa3612a369b0c0a33163c016a620b5ff6ab9e58d326db1f5cf8Sielco Radio Link version 2.06 suffers from a remote privilege escalation vulnerability.
0c75a354919091616a5f5737e0902174ba1e520eeba17f8046eaaf7514082d82Sielco Radio Link version 2.06 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.
f9373f954a93947453ded81dc6daa3fec0b14580a358bf7dd553b39b0a3ac6e3Sielco Radio Link version 2.06 suffers from a cross site request forgery vulnerability.
c17546acff364d10c1872ec359f38d4d53aa3ec8bfa731bb52efa125a19521ceSielco Radio Link version 2.06 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
b3c859a3990332816faa05fab3d576d807b312c06709f5259ba34906edcbc66eSielco Analog FM Transmitter version 2.12 suffers from a remote privilege escalation vulnerability.
f9e8dacd33d3784c7f722d94e8a2f150689a024754736b4c0454360058ce7c17Sielco Analog FM Transmitter version 2.12 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.
d26af0548c227a54b41c51e35c1c6513352b0b18304e8cf89730a7260c3ad51dSielco Analog FM Transmitter version 2.12 suffers from a cross site request forgery vulnerability.
c1c1c47865eb0e698992e725937498a55c55a78c7bf94b4e53ab2fcb7e6d18b5Sielco Analog FM Transmitter version 2.12 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
96ea285153f1385d9929ef190734969d4bc702d1d9aa0eea1a04870c880ae84aGoogle Chrome Browser version 111.0.5563.64 suffers from an AXPlatformNodeCocoa fatal out-of-memory denial of service vulnerability on macOS.
0f11dee0a3ee89decd4ede4b99ca33ca5b7ef40ffe08c8c8a668fe309ac5f950Osprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit.
e3aa8cf09a10153c22c1fea563f19e0486760740b752b12095b5ec99f655864fOsprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.
3ff94000035eb0e3d7750af6a36a24cd3f59ddd0bf32adc49eed8270dae8c139Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.
f96ac6802073d61b8a8224120fbbc475b78857a672615467fe07f5419f23785a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed