624 matches found
Design/Logic Flaw
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
Xxe
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11314
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11316
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11316
The CVE-2018-11316 entry concerns Sonos wireless speaker devices whose UPnP HTTP server can be abused via a DNS rebinding attack. The affected component is the Sonos UPnP web server; the underlying issue is lack of access restriction allowing unauthorized control and information exfiltration from...
CVE-2018-11316
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11314
CVE-2018-11314 affects Roku and Roku TV External Control API. The vulnerability enables unauthorized remote control via DNS rebinding, potentially exposing privileged device and network information. Documented impact includes remote device control and data exfiltration on affected Roku platforms;...
CVE-2018-11314
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
Cisco Wide Area Application Services Software Scripts Privilege Escalation Vulnerability
A vulnerability in Cisco-provided scripts disk-check.sh and harcap.sh for Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with super user privileges level 15 to...
CVE-2018-11315
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat theat request that accesses a device purchased in the Spring of 2018, and sets a...
The vulnerability of the web interface of the microprogramming software for Cisco RV132W VPN routers, ADSL2+ and Cisco RV134W VDSL2, allows a perpetrator to execute arbitrary code with root privileges and gain full control over the device.
The vulnerability of the web interface of Microprogramming Software-based Cisco RV132W ADSL2+ and Cisco RV134W VDSL2 routers is due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with root privileges...
Multiple vulnerabilities in Loxone Smart Home
Vendor & product description: "Loxone Electronics was founded in 2009. Our focus is the development and production of control solutions for all homes. Our aim is to make home automation interesting, affordable and accessible for everyone." URL: http://www.loxone.com/enus/company/about-us.html...
Contec Smart Home Unauthorized Password Reset Vulnerability
Contec Smart Home is a smart home management system for managing connected smart home devices. A security vulnerability exists in Contec Smart Home version 4.15, which stems from the program failing to require authentication for the newuser.php, edituser.php, deleteuser.php, and user.php files. A...
Contec Smart Home 4.15 - Unauthorized Password Reset
Contec Smart Home 4.15 - Unauthorized Password Reset Title : Contec smart home 4.15 Unauthorized Password Reset Shodan Dork : "content/smarthome.php" Vendor Homepage : http://contec.co.il Tested on : Google Chrome Tested version : 4.15 Date : 2018-03-14 Author : Z3ro0ne Contact :...
CVE-2018-0141
A vulnerability in Cisco Prime Collaboration Provisioning PCP Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by...
Huawei Mate 9 Pro Forensic Bypass Vulnerability
Huawei Mate 9 Pro is a smartphone from Huawei Huawei. A forensic bypass vulnerability in the voice wake-up module in the Huawei Mate 9 Pro phone could allow an attacker to trick a user into installing a malicious application, bypass authentication, and take control of the phone to send a short...
K7 Antivirus Premium elevation of privilege vulnerability (CNVD-2018-02143)
K7 Antivirus Premium is a suite of anti-virus software from K7 Computing India. A security vulnerability exists in versions prior to K7 Antivirus Premium 15.1.0.53. A local attacker can exploit the vulnerability to gain privileges by sending a specific IOCTL...
Cambium Networks cnPilot Cross-Site Request Forgery Vulnerability
Cambium Networks cnPilot is a cloud-enabled managed single-band router product from Cambium Networks, USA. A security vulnerability exists in Cambium Networks cnPilot using firmware version 4.3.2-R4 and earlier, which stems from a lack of cross-site request forgery controls. An attacker could...
Cambium Networks ePMP Cross-Site Scripting Vulnerability (CNVD-2018-01043)
Cambium Networks ePMP is a suite of wireless network access platforms from Cambium Networks, USA. The platform provides video surveillance, Wi-Fi hotspot and sensor connectivity. A cross-site scripting vulnerability exists in Cambium Networks ePMP using firmware version 3.5 and earlier, which ste...
The vulnerability of the ping.cgi script in NETGEAR DGN2200v1 integrated router software allows a hacker to execute arbitrary commands and gain full control over the device.
The vulnerability of the ping.cgi script in NETGEAR DGN2200v1 integrated routing software exists because measures to neutralize the special elements used in the operating system command have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating syst...