This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions 1.12.0.27 and below as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.
cf7ad8dd0a73829d3346e2425a6d3d0e8426e0d758005a97a9748eb069e34e22
Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 suffers from a remote administration password disclosure vulnerability. Tested on firmware version 2.0.0.30B_ES.
0acc750576387e5c5c8428df81f18e8f0e01592d9d5308c8ea0f94e991b8de78
A vulnerability exists for Iomega network storage devices with EMC Lifeline firmware that can potentially be exploited to gain unauthorized access to remote shares in certain circumstances. If remote access (including port-forwarding) is enabled on affected Iomega devices, all created shares (including shares on connected USB devices) could potentially be accessed by unauthorized remote users or systems due to access control issues.
1751607ad763d8c3030dd46fa7360620eefb9a7f9ade9c9368211dd334e6edf7
QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffers from a command injection vulnerability that allows for remote code execution.
bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143
HP Security Bulletin HPSBPI02728 SSRT100692 6 - In November, 2011, a potential security vulnerability was identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. This revision, version 6, of the Security Bulletin announces the availability of firmware updates for additional devices.
6b9303b4257f0a92fb10e6843f9b596fd3b0ff2087609043ce342140b4a101ad
HP Security Bulletin HPSBPI02728 SSRT100692 5 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 5 of this advisory.
34fc17a3a00efdd16c2e510fe459251c21d59b231555ad0e979a5da926ca663a
Secunia Security Advisory - Sense of Security has reported a security issue in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.
bdd99dccd465ec4c59bbf42bc1f0b06ef8b4944a9f0c632126074ac0519348ff
Secunia Security Advisory - Sense of Security has reported a security issue and a vulnerability in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.
9d55a5c4cc119aba5c9ab9d76cce3f9611f9d1be5e38cbfe9ee8fc2efafed802
Secunia Security Advisory - Sense of Security has reported a security issue in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.
52fd7d90f18e1af4afd57abcfc7e0a98cc2f675e2689ddcf564d0e2a43c57ede
HP Security Bulletin HPSBPI02728 SSRT100692 4 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 4 of this advisory.
ae3a06d6319920eca0609887ae91355785a811ce0226b7717b8527b4072104ba
HP Security Bulletin HPSBPI02728 SSRT100692 3 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 3 of this advisory.
dd5e56f566ad2ca9b114239aba459968b740fd1b964f71a9074e028284d0c8a1
HP Security Bulletin HPSBPI02728 SSRT100692 2 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 2 of this advisory.
ff6f22298de3f425de467f22cf364320ca21ac4e7ef6bb1908722100799044d9
The IBM TS3200/TS3200 Web User Interface is vulnerable to an authentication bypass attack. By sending a series of requests to the authentication function, it is possible to trigger a condition which causes the application to grant an access cookie which permits remote administration. Firmware versions below A.60 are affected.
251930962a416ff086d78263b78eb5f8dcc016095a831b437bd5a97ae19df1ac
Secunia Security Advisory - Oracle has acknowledged some vulnerabilities in Sun System Firmware, which can be exploited by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and potentially compromise a user's system.
ca8de27c8fdebbee80901664bdcdd9943caeaf960ed3984e7122403b6e96ff00
HP Security Bulletin HPSBPI02728 SSRT100692 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 1 of this advisory.
d48441fde8682890a6be06f1b7536c5c8c950288456b21ade23cb63724135da3
Apple Security Advisory 2011-11-10-2 - Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 is now available and addresses a security vulnerability. dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell metacharacters in dhclient-script.
6e8e307de2ea87a65b2fbe4858a5cdefa741c0cb65ec28c910798ebd7cbf3bd9
Whitepaper called Digging Inside VxWorks OS and Firmware - Holistic Security. VxWorks is one of the most widely accepted embedded OSes. In this paper, the authors conduct a detailed study of the VxWorks OS security model and firmware in order to understand the potential impact of security vulnerabilities and weaknesses.
2c622ddb4286be353e85ab46da20fe4b0ca3a0d882e1cf8d909f856256f15449
IP cameras such as TRENDnet, Digicom, and iPUX all share a firmware that suffers from an undocumented user, command injection, a hidden telnet service, and various other vulnerabilities.
2e13035b1da24232cad2b5abbce7c0d6968fb792c214dcbcbecba7542a6aaf4b
Belkin G Wireless Router with firmware version 5.00.12 suffers from a password hash disclosure vulnerability.
1ff16d35f0826f93976163d23810916b6c842c832770207c9409be7c72c79f0d
The Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 suffers from a cross-site scripting vulnerability.
33023e6063d14ffdaada37d384498349e1d019e88d22a6bd58eef458b22376b7
Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.
29ac89d17267faf8260fc55d0bf0cea35b3acec9de7d42041acbc8aaabc40393
ProxBrute is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 465) to support brute force attacks against proximity card access control systems. This version of ProxBrute requires the knowledge of a [once] valid tag value to vertically or horizontally escalate the tag's privileges.
a155a9dd000312c20ecbe6ca6bab1bc991183e9dea73578a76754b148ab1332a
RoomWizard suffers from a default password and sync connector credential leak vulnerability. Firmware version 3.2.3 is affected.
cd571a6d6eac92710b122e7baf4146e0163348b1c380b890746f3484d6c692d5
This file provides a detailed description of a privilege escalation vulnerability that has been confirmed to affect the DIR-615 revD router running firmware version 4.11.
a160c910db3449d12d52aa5b71001bba6e2a99708a556a84bf479eddf5694cb0
Secunia Security Advisory - A vulnerability has been reported in Intel Xeon 5500 and 5600 Series BMC Firmware, which can be exploited by malicious users to gain escalated privileges.
01e20d92ef50436b1c0eef5c25bdb74ed3a2e0277f94650daf9927dd6874e094
The web-based Local Management Interface (LMI) of the IBM Proventia Network Mail Security System appliance (firmware 1.6) is vulnerable to CRLF injection. When exploited by an authenticated attacker, this vulnerability could compromise the security of the appliance by allowing injection of custom HTTP cookies, forced external redirects, potential HTTP response splitting attacks, etc.
e89f3a47c9d247e4c7ef74ea39c92a4c23d3b46381a0211b7b0b6dd059c87d44