8 matches found
Access Control Bypass
Overview: genieacs is a TR-069 Auto Configuration Server (ACS). Affected versions of this package are vulnerable to Access Control Bypass via the NBI API endpoint. An attacker can gain unauthorized access to sensitive functionality or data by sending unauthenticated requests. Remediation: There is ...
PT-2024-25535 · Axiros · Axess Auto Configuration Server
Name of the Vulnerable Software and Affected Versions: Axiros AXESS Auto Configuration Server (ACS) versions 4.x through 5.0.0. Description: The issue is related to Incorrect Access Control, allowing an authorization bypass that enables remote attackers to achieve unauthenticated remote code...
Cisco Patches Authentication Bypass in Cisco Prime Home
Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...
o2 DSL Auto Configuration Server Credential Disclosure
Advisory: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials. The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00282)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol" (CWMP), which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in some server implementations of the TR-069 protocol. A remote attacker could...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00280)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol" (CWMP), which defines the application layer protocol for remote management of end devices. Arbitrary code execution vulnerabilities exist in certain server implementations of TR-069. These vulnerabilities can be exploited...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00279)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol" (CWMP), which defines the application layer protocol for remote management of end devices. Arbitrary code execution vulnerabilities exist in certain server implementations of TR-069. These vulnerabilities can be exploited...
TR-069 Auto Configuration Server Arbitrary Code Execution Vulnerability (CNVD-2015-00283)
TR-069 is the DSL Forum Technical Specification "CPE WAN Management Protocol" (CWMP), which defines the application layer protocol for remote management of end devices. An arbitrary code execution vulnerability exists in TR-069 Auto Configuration Server. A remote attacker can exploit this...