CVE-2020-11449
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf...
CVE-2020-11449
The CVE-2020-11449 entry applies to Technicolor TC7337 devices running version 8.89.17, where an attacker can extract admin credentials from the backup file (backupsettings.conf). This is the documented vulnerability and impact across multiple feeds; the connected documents confirm the same descr...
CVE-2019-16155
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Furthermore...
CVE-2019-6688
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the secret that was being used to encrypt a BIG-IP UCS backup file while sending SNMP query to the BIG-IP...
Humax Wireless Voice Gateway HGB10R-2 Information Disclosure Vulnerability
The Humax Wireless Voice Gateway HGB10R-2 is a home wireless voice gateway device. The product includes features such as a modem, IP phone and router. A security vulnerability exists in the Humax Wireless Voice Gateway HGB10R-2 version 201608171855. An attacker could exploit the vulnerability to...
Database Backup File Download Vulnerability in OTCMS
OTCMS Nettie CMS is an article-based web content management system (CMS). OTCMS has a database backup file download vulnerability, which can be exploited by attackers to obtain sensitive information...
CVE-2019-19889
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf...
Cross site scripting
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf...
CVE-2019-19889
The CVE-2019-19889 entry affects Humax Wireless Voice Gateway HGB10R-2 (version 20160817_1855). The vulnerability allows an attacker to obtain admin credentials from the backup file backupsettings.conf, indicating an information-disclosure flaw. NVD CVSS details: CVSSv3.1 base score 7.5 (HIGH), a...
Bash Profile Persistence
This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...
Design/Logic Flaw
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to ha...
CVE-2019-19020
CVE-2019-19020 affects TitanHQ WebTitan up to version 5.17. An attacker with a valid WebTitan web interface account can upload a crafted backup file that allows arbitrary code execution by overwriting existing files or adding new PHP files under the web root. This results in remote code execution...
CVE-2019-19020
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to ha...
Hardcoded credentials
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
CVE-2019-6693
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...
Xiaomi Mi WiFi R3G Command Injection Vulnerability
The Xiaomi Mi WiFi R3G is a 3G router from the Chinese company Xiaomi Technology. A security vulnerability exists in the Xiaomi Mi WiFi R3G backup file upload handling, which allows remote attackers to exploit the vulnerability to submit a special request that can execute arbitrary OS commands...
TerraMaster F2-210 Information Disclosure Vulnerability (CNVD-2019-38804)
The Terramaster F2-210 is an entry-level two-drive NAS. An information disclosure vulnerability exists in the TerraMaster F2-210. An attacker can exploit this vulnerability to download backup files from terramasterTNAS-00E43Aconfigbackup.bin without permission...