Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. It can also be enabled via a CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into an NcFTP jailed environment that has limited commands for file transfer administration. One of the commands is a custom-added 'ping' command that has a command injection vulnerability, which allows the attacker to escape the restricted environment and enter a root shell terminal that can execute commands as the root user. Many versions are affected.
d63f2a50ee02442ef6e23543b82b4fffc2edd25d0a4eb1517ce7302f0685eee2
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an open redirection vulnerability. Many versions are affected.
b1c65c098fae18056a37bc3af2bb913a417646dd7ca9e523569cd1287a6f4f60
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an issue where the system backup configuration file 'IPn4G.config' in the '/' directory (or its respective name based on the model name), as well as similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in '/etc/m_cli/', can be downloaded by an authenticated attacker in certain circumstances. This enables the attacker to disclose sensitive information and helps her in authentication bypass, privilege escalation and/or full system access. Many versions are affected.
3308505cfc0dc6793c720ed8984af9ae73fb959eb91433b4b2602436f3c76825
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems contain a hidden and undocumented File Editor (Filesystem Browser) shell script, 'system-editor.sh', that an attacker can leverage to read, modify or delete arbitrary files on the system. Input passed through the 'path', 'savefile', 'edit' and 'delfile' GET and POST parameters is not properly sanitized before being used to modify files. This can be exploited by an authenticated attacker to read or modify arbitrary files on the affected system. Many versions are affected.
77b3776b575148102cde8300432db7b719ab8ae3d84c651075588e8d0e88b7d0
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have undocumented and hidden features present via the web management interface. These features allow an authenticated attacker to take full control of the device and/or modify internal OS settings, read arbitrary files or even render the device unusable. Many versions are affected.
14e267060987d08b2eb4ea6ee2c76f437562c939bd7ccf4ac98db80cb0273501
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have an undocumented and hidden feature that allows an authenticated attacker to list running processes in the operating system and send arbitrary signals to kill any process running in the background, including starting and stopping system services. This impacts availability and can also be triggered by CSRF attacks, requiring a device restart and/or factory reset to roll back malicious changes. Many versions are affected.
ce1880cac4ba27128730d544ef0c0d9d7bdc2bdb0b8c60f34576248a9947e81d
VelotiSmart WiFi B-380 Camera suffers from a directory traversal vulnerability.
7c8101afd8d775089acc8e6126c84b11e5c6a84f781e1d59798fa08edd2c7ce6
This Microsoft advisory notification includes advisories released or updated on July 16, 2018.
7ded65100cbc49a84a2c84c699deb4f66f65e5485d63b5067ad7882788cedacd
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from multiple authenticated arbitrary remote code execution vulnerabilities with highest privileges. This is due to multiple hidden and undocumented features within the admin interface that allow an attacker to create crontab jobs and/or modify the system startup script, resulting in execution of arbitrary code as the root user. Many versions are affected.
1bdc3208cfd4fef967921a64ef3e023c7d742aac97247a3358a302633480272f
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems utilize hard-coded credentials within their Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the gateway. Another vulnerability could allow an authenticated attacker to gain root access. The vulnerability is due to default credentials. An attacker could exploit this vulnerability by logging in using the default credentials. Many versions are affected.
b7feae71293fbd8e1957fcac4e55a97e86bf57aa73f7edb6187c4df486cc849f
This Microsoft bulletin summary holds a CVE update for CVE-2018-8319.
bdedfcd7f2a2bf34347e7ce302dad7674fdea6bc086f54b2ebb6426b3c3d2ec0
Microsoft Windows Enterprise Mode Site List Manager versions 1 and 2 suffer from an XML external entity injection vulnerability.
5ea4ce1803fb58a81a4249efcc762b9ac4cf0a56d2a221f4bec1ed38ef34637d
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms filetype triggers forced authentication when a user/client accesses a remote share that houses an attacker-supplied ".library-ms" file, disclosing credential hashes and other identifiable computer information.
5a487357b727608fcaf8c888682dc65e0c920720125c20e8e1ac074682b2b0ee
Debian Linux Security Advisory 4246-1 - Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to unvalidated input in the host_name field.
aac0eab0ee06185a0d7be5bb790a0fca7aabf4920148da56535d60cc2f9b3e84
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems allow users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Many versions are affected.
b36448905fd02a579d3e95d11222a0acd73d3d78165724ea8f016658e0779db0
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.
2c2c864e961de08f8e726f2b647913aff2b13bf29b8cce66e3aa650d3bd351e5
Ubuntu Security Notice 3717-1 - Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
7b9aa26f312ac39e4b97279a9cacf1e2c8f625a61c1040cca0bf6077d0dfc716
WordPress Job Manager plugin version 4.1.0 suffers from a cross site scripting vulnerability.
f8f076c9ee29dfd7a8bebfddc72344d917fecb7008601c3ae2e820ffdff721e9
TP-Link Archer C60 version 1.0 suffers from a remote code execution vulnerability.
98587369e0339d67e6f3616f7c08119600cbd0e9a273c56d5ee6dfc91f50a4d6
104 bytes small Linux/ARM bindshell shellcode that binds to tcp/1234.
0579b4a1356eba1d6aa94d318907860e8ae4600aeef2a2a5a04300d3887b0b2c
Linux/x86_64 reverse shell (IPv6) shellcode with password.
2774dc4104166064c29f6fcb1bc9b8ed3bd2446cd99c78a62c81078b9e2b12fd