Real Name | Gjoko Krstic |
---|---|
Email address | private |
First Active | 2007-07-26 |
Last Active | 2024-04-18 |
KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
e4b4cd6f51b8e33aae4b3ac4567d5823ab352a308e656ca6dc37edc4c64a9881
Ricon Industrial Cellular Router S9922XL suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the admin (root) user via the ping_server_ip POST parameter. It is also vulnerable to Heartbleed.
6bc26692f58719553d7c44565a9e32b962f1b7a0df1be48e3aa022a96cc9e0b5
Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability.
70bfaf6aa2d0a149604e36475222505015277f0a6da0cde0042196586d13bf3c
Epic Games Rocket League version 1.95 suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the processing of a UPK format file, which can be exploited to cause a stack buffer overflow when a user crafts the file with a large array of bytes inserted in the vicinity offset after the magic header. Successful exploitation could allow execution of arbitrary code on the affected machine.
9aca17edbee1e4311ae8f1782a958f79fa3979f842eee23c1d85f52f471dfe26
Epic Games Rocket League versions 1.95 and below suffer from an insecure permissions vulnerability.
7265a86350f635261f04efa01c468b9a397f529d7db60a2450121e1dfcc758b2
The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731
Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
3a637df610f4399d796b60fd154117f140f2a37f20b84a0e7e662794af91313a
ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.
a038fd2df7c57dae5f716438ec33915df6608e83893e656beca767de6a065c08
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.
0c41b0e418db6cc3fce61cd5b95edcec7bd24c9c50d23011b09d080bdd1e22af
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from a privilege escalation vulnerability. The non-privileged default user (user:user123) can elevate his/her privileges by sending a HTTP GET request to the configuration export endpoint and disclose the admin password. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.
ac657c7a920abc9292d94f15c71e9ea580b9222af282ef5304979b66ed446773
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.
603965054eb95da0577b3266629d2f47e3091bf6d4d5db74af928a5dc068442f
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to restart the device with an HTTP GET request to /goform/RestartDevice page.
004ac443ef3437a7dc29dd40e264756e3f0c35852ab627528f60fae29ab56c98
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to visit the unprotected /goform/LoadDefaultSettings endpoint and reset the device to its factory default settings. Once the GET request is made, the device will reboot with its default settings allowing the attacker to bypass authentication and take full control of the system.
3156b5880f18090db2cb6967bfda33c291e74fcbb4644825d31a6a7dfc004ac5
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has an unprotected web management server that is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit the syslog page and disclose the webserver's log file containing system information running on the device.
958deee99bc7702bdefacdd8e76f855a06c557df09b4f20f289c8fa141562a8e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an insecure direct object reference vulnerability.
482b29e97ee4ccf4b8dc4e5040476664b4f3b97ca5897f736e1d3996a4ff86dc
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has several backdoors and hidden pages that allow for remote code execution, overwriting of the bootrom, and enabling debug mode.
9e5c4d9e5a68baf4b8009ac9f6cdf69d972d6968d94358877a76aad28b0c3a26
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 generates its SSID and password based on the WAN MAC address.
4e69427bcce8662fc36c8b7b37b27b7d855a9ed957d32eec33f827ef7036e3a8
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the router.
d71480ffcd0ea393d093598a1fb0293c504c2831049982e7b945a93c48d78c4e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authentication bypass vulnerability. An unauthenticated attacker can disclose sensitive and clear-text information resulting in authentication bypass by downloading the configuration of the device and revealing the admin password.
73a44e688725b9ff0a6abb769d144776d60b2d0df7ed23e37df9c6d6e287e278
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pingAddr HTTP POST parameter bypassing the injection protection filter.
d2bfe72177362172a25975038e95f6f160f7bd9fdd925bd9901330b19327c20e
SOYAL 701Client version 9.0.1 suffers from an insecure permissions vulnerability.
98c780d8c151eac1f051e4d317f17b2296da9de1759ad6d0d93bec928bcc775c
SOYAL 701Server version 9.0.1 suffers from an insecure permissions vulnerability.
171228adc800c601677edb1f2cba5f4d1ce16c24bc4b7eea04f91c819b71a21d
SOYAL Biometric Access Control System version 5.0 suffers from a cross site request forgery vulnerability.
93e556f6e1d9d2300afc6b657f1c1067ff56c303dec1b576e8ad9bba10eaa74c
The web control panel SOYAL Biometric Access Control System version 5.0 uses a weak set of default administrative credentials (no password) that can be easily guessed in remote password attacks.
cf5ffc7de99376f5a3ece84fc81ec2a036e2f2d26fee7ffd41cc3181fbb1e3c7
The controller in SOYAL Biometric Access Control System version 5.0 suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller's Programming mode and bypass physical security controls in place.
6f0eb9f532a18e1eeef54655c0a63c7701e9269776744ed835a8c1c721f5b664