exploit the possibilities
Showing 1 - 25 of 39 RSS Feed

Files

TrueOnline ZyXEL / Billion Command Injection / Default Credentials
Posted Jan 17, 2017
Authored by Pedro Ribeiro

TrueOnline is a Thai ISP that distributes customized versions of ZyXEL and Billion routers - customized with vulnerabilities that is. The routers contain several default administrative accounts and command injections that can be abused by authenticated and unauthenticated attackers.

tags | exploit, vulnerability
MD5 | d49de80d7e395e6a46e6479d644ea66f

Related Files

Zyxel Armor X1 WAP6806 Directory Traversal
Posted Jul 15, 2020
Authored by Rajivarnan R

Zyxel Armor X1 WAP6806 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-14461
MD5 | 3489e3347ae626ade153762d017313f6
Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution
Posted Mar 15, 2020
Authored by Pierre Kim

Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution
MD5 | 2e1435720bcdefbc176a9b238aa29e7e
ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure
Posted May 31, 2019
Authored by Onur Onur

The ZyXEL P-660HN-T1 V2 rpWLANRedirect.asp page is missing authentication and discloses an administrator password.

tags | exploit, asp, bypass
advisories | CVE-2019-6725
MD5 | cf5fae94f3ebd7bddbf170217d338656
Zyxel ZyWall Cross Site Scripting
Posted Apr 16, 2019
Authored by Aaron Bishop

ZyWall 310, ZyWall 110, USG1900, ATP500, and USG40 devices suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-9955
MD5 | 6a488936efef77d973078a35e0209519
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery
Posted Feb 6, 2019
Authored by Yusuf Furkan

Zyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-7391
MD5 | d03489f72f2fda1507d259824d00692e
Zyxel NBG-418N V2 Cross Site Request Forgery
Posted Jan 24, 2019
Authored by Ali Can Gonullu

Zyxel NBG-418N V2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2019-6710
MD5 | 850dc5a32f75221930fac48dd5fba6f7
Zyxel VMG1312-B10D 5.13AAXA.8 Directory Traversal
Posted Nov 26, 2018
Authored by numan turle

Zyxel VMG1312-B10D 5.13AAXA.8 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | fed4245419c14b84eba230446aee15a1
ZyXEL VMG3312-B10B Credential Disclosure
Posted Oct 30, 2018
Authored by numan turle

ZyXEL VMG3312-B10B versions prior to 1.00 (AAPP.7) suffer from a credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | d7d23c2b70dbfc679ed549383bbcd020
ZyXEL VMG3312-B10B Cross Site Scripting
Posted Aug 22, 2018
Authored by Samet Sahin

ZyXEL VMG3312-B10B suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | af040df299f5f99ac6a6cf82b3026574
ZyXEL P-660HW UDP Denial Of Service
Posted Jan 12, 2018
Authored by Hosein Askari

ZyXEL P-660HW suffers from a UDP fragmentation denial of service vulnerability.

tags | exploit, denial of service, udp
advisories | CVE-2018-5330
MD5 | 540f62d029470090796859bb2a8aeed4
ZyXEL P-660HW TTL Expiry Denial Of Service
Posted Dec 26, 2017
Authored by Hosein Askari

ZyXEL P-660HW version 3 suffers from a TTL expiry denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2017-17901
MD5 | 24fe8c74e6e1058c31bc330240970fb9
ZyXEL PK5001Z Modem Backdoor Account
Posted Nov 2, 2017
Authored by Matthew Sheimo

The ZyXEL PK5001Z modem has a hardcoded backdoor admin account that allows escalation to root.

tags | exploit, root
advisories | CVE-2016-10401
MD5 | bca3b4449d9fcb8fb0e87e0643eda104
Zyxel P-2812HNU-F1 DSL Router Command Injection
Posted Sep 29, 2017
Authored by Willem de Groot

The Zyxel P-2812HNU-F1 DSL router suffers from a remote command injection vulnerability. Firmware versions V3.11TUE3 (KPN) and V3.11TUE8 (KPN) are affected.

tags | exploit, remote
MD5 | 4e96266347da2978416374bfccea7eb7
Zyxel / EMG2926 Command Injection
Posted Apr 2, 2017
Authored by Trevor Hough

Zyxel / EMG2926 versions prior to 1.00(AAQT.4)b8 suffers from an OS command injection vulnerability.

tags | exploit
advisories | CVE-2017-6884
MD5 | 21edb9e981513751e15748e78fe00696
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
Posted Feb 1, 2017
Authored by Pedro Ribeiro | Site metasploit.com

TrueOnline is a major ISP in Thailand, and it distributes a customized version of the ZyXEL P660HN-T v2 router. This customized version has an authenticated command injection vulnerability in the remote log forwarding page. This can be exploited using the "supervisor" account that comes with a default password on the device. This Metasploit module was tested in an emulated environment, as the author doesn't have access to the Thai router any more. Any feedback should be sent directly to the module's author, as well as to the Metasploit project. Note that the inline payloads work best. There are Turkish and other language strings in the firmware, so it is likely that this firmware is not only distributed in Thailand. Other P660HN-T v2 in other countries might be vulnerable too.

tags | exploit, remote
MD5 | 5144d45c548229d7ab14cb1798aacdb3
TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection
Posted Feb 1, 2017
Authored by Pedro Ribeiro | Site metasploit.com

TrueOnline is a major ISP in Thailand, and it distributes a customized version of the Billion 5200W-T router. This customized version has at least two command injection vulnerabilities, one authenticated and one unauthenticated, on different firmware versions. This Metasploit module will attempt to exploit the unauthenticated injection first, and if that fails, it will attempt to exploit the authenticated injection. This Metasploit module was tested in an emulated environment, as the author doesn't have access to the Thai router any more. Any feedback should be sent directly to the module's author, as well as to the Metasploit project. There are other language strings in the firmware, so it is likely that this firmware is not only distributed in Thailand. Other Billion 5200W-T in other countries might be vulnerable too.

tags | exploit, vulnerability
MD5 | a23cc92232428177c4f3ec4f89a7822d
TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection
Posted Feb 1, 2017
Authored by Pedro Ribeiro | Site metasploit.com

TrueOnline is a major ISP in Thailand, and it distributes a customised version of the ZyXEL P660HN-T v1 router. This customised version has an unauthenticated command injection vulnerability in the remote log forwarding page. This Metasploit module was tested in an emulated environment, as the author doesn't have access to the Thai router any more. Any feedback should be sent directly to the module's author, as well as to the Metasploit project. There are other language strings in the firmware, so it is likely that this firmware is not only distributed in Thailand. Other P660HN-T v1 in other countries might be vulnerable too.

tags | exploit, remote
MD5 | dd4213c7e16f8b71eda3aa6be42156f4
Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password
Posted Mar 23, 2016
Authored by Gianni Carabelli

Plain text hardcoded passwords have been discovered in /bin/busybox and /bin/dropbear for Zyxel MAX3XX series Wimax CPEs.

tags | exploit
MD5 | 72a7a8ae063dc2679dc4abc2a4f7c4e2
ZyXel WAP3205 Cross Site Scripting
Posted Jan 24, 2016
Authored by Nicholas Lehman

ZyXel WAP3205 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d671f7e5d8344a7d28bc927b7d7b2a0e
ZyXEL PMG5318-B20A OS Command Injection
Posted Oct 14, 2015
Authored by Karn Ganeshen

ZyXEL PMG5318-B20A suffers from a command injection vulnerability via the ping function.

tags | exploit
advisories | CVE-2015-6018
MD5 | c486347fc7d9f5c6984bfa9abe7865fb
ZYXEL P-660HN-T1H_IPv6 Denial Of Service
Posted Apr 23, 2015
Authored by Koorosh Ghorbani

ZYXEL P-660HN-T1H_IPv6 remote configuration editor / web service denial of service exploit.

tags | exploit, remote, web, denial of service
MD5 | fd962886d10439322739e572f2529b6d
ZyXEL SBG-3300 Security Gateway Cross Site Scripting
Posted Oct 3, 2014
Authored by Mirko Casadei

ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7277
MD5 | 1ba01cd0971e92d0eb7e4771d66c71cc
ZyXEL SBG-3300 Security Gateway Denial Of Service
Posted Oct 3, 2014
Authored by Mirko Casadei

ZyXEL SBG-3300 Security Gateway suffers from a malicious javascript denial of service vulnerability.

tags | exploit, denial of service, javascript
advisories | CVE-2014-7278
MD5 | 282b257bf5b5859ca0c24098bf1f14ef
ZyXEL Prestig P-660HNU-T1v2 Credential Disclosure
Posted Sep 25, 2014
Authored by Sebastian Magof

ZyXEL Prestig P-660HNU-T1v2 suffers from a remote credential disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 8da53cad7b12532c2ad7dccc3016be2e
Zyxel P660RT2 EE ADSL Router Brute Force / XSS
Posted Jun 22, 2014
Authored by MustLive

The Zyxel P660RT2 EE ADSL router suffers from brute force and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 311f1ac69b7f50754d390de4e9e41dea
Page 1 of 2
Back12Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close