KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.
84f580c69eb4c4b67b39a30f8f592c3a
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from a privilege escalation vulnerability. The non-privileged default user (user:user123) can elevate his/her privileges by sending a HTTP GET request to the configuration export endpoint and disclose the admin password. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.
dd6d3f0b7899d4ca7fe2150949c8b308
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.
1d8b3dfcfefc72d5cdcf8b936e80404e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to restart the device with an HTTP GET request to /goform/RestartDevice page.
bdaea7da6759d7010755dac41c4e9199
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to visit the unprotected /goform/LoadDefaultSettings endpoint and reset the device to its factory default settings. Once the GET request is made, the device will reboot with its default settings allowing the attacker to bypass authentication and take full control of the system.
cf7093a93ef32ed17a151baf6bc19791
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has an unprotected web management server that is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit the syslog page and disclose the webserver's log file containing system information running on the device.
5355e78b600626554654f401bfe4118d
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an insecure direct object reference vulnerability.
d1b12dafef4bdd9f745273625e0f2617
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has several backdoors and hidden pages that allow for remote code execution, overwriting of the bootrom, and enabling debug mode.
90b3d2dea4b497955070ee3ed9a3f266
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 generates its SSID and password based on the WAN MAC address.
7e5b5ebc4a7a2a56b06b04aff7a184b9
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the router.
e73456784d21e441ba4eacb5392c83b2
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authentication bypass vulnerability. An unauthenticated attacker can disclose sensitive and clear-text information resulting in authentication bypass by downloading the configuration of the device and revealing the admin password.
e9c689c7edb292edf9f63d1991b4a4cd
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pingAddr HTTP POST parameter bypassing the injection protection filter.
1a328f5c085e43fdbc6aa762de109b6f
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation.
e274220882ab8ab04e644c948cae5ff3
This Metasploit module exploits an unauthenticated log file upload within the log_upload_wsgi.py file of VMWare View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in remote code execution as the apache user inside the appacheServer Docker container.
fdf94c86e405a2eb33104f6978f68b72
SOYAL 701Client version 9.0.1 suffers from an insecure permissions vulnerability.
6421226bd5aed765b397010c39c1368d
SOYAL 701Server version 9.0.1 suffers from an insecure permissions vulnerability.
3b51fa9ee0f73925df5fd8339e92606f
SOYAL Biometric Access Control System version 5.0 suffers from a cross site request forgery vulnerability.
2893ad78302b33102388b180dc19506d
The web control panel SOYAL Biometric Access Control System version 5.0 uses a weak set of default administrative credentials (no password) that can be easily guessed in remote password attacks.
5c21b980433cae71313be94d4387bd2e
The controller in SOYAL Biometric Access Control System version 5.0 suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller's Programming mode and bypass physical security controls in place.
1beb802bc3fbde60c391b10c557c6ae8
VestaCP version 0.9.8 suffers from a command injection vulnerability.
61152e8e70f2e0f61b717140e4415616
Eclipse Mosquitto MQTT broker version 2.0.9 suffers from an unquoted service path vulnerability.
7b03cd8371cf1bdb2ea70fac29527a20
Profiling System for Human Resource Management version 1.0 suffers from a remote code execution vulnerability.
ed72241bce9c3fd80331a96e1d6a858a
Ubuntu Security Notice 4882-1 - It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
81a24afb7b9477db4f4abcf41514d69d
Boonex Dolphin version 7.4.2 suffers from a persistent cross site scripting vulnerability.
184f1fed969d0f5d89528bcd9596ddea
Red Hat Security Advisory 2021-0940-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
30de3349d74bd541ec9d32a351738c2f