63 matches found
Code injection
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15360
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15358
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
Default credentials
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15358
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15359
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15360
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15356
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0...
Code injection
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15359
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15357
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15356
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15358
Summary: CVE-2018-15358 affects the Eltex ESP-200 wireless router, specifically firmware version 1.2.0. An authenticated attacker with low privileges can activate a high-privilege user, expanding the attacker’s access surface. The issue is described as an elevation of privilege vulnerability affe...
CVE-2018-15356
CVE-2018-15356 affects Eltex ESP-200 firmware 1.2.0, where an authenticated attacker can execute arbitrary code via command ejection. The vulnerability is documented across multiple feeds (NVD, CNVD, CVE listing, PRION/PT-2018-12990) with an impact of remote code execution authenticated by creden...
CVE-2018-15359
The CVE affects Eltex ESP-200 firmware version 1.2.0. An authenticated attacker with low privileges can exploit an insecure sudo configuration to expand the attack surface. The issue is tied to how sudo is configured on the device, enabling elevated access or broader control than intended. Offici...
CVE-2018-15360
The CVE-2018-15360 vulnerability affects Eltex ESP-200 devices running firmware version 1.2.0. An unauthenticated attacker can log in using default credentials to obtain privileged access. Root cause: use of default credentials for privileged accounts. Impact: potential full control of the device...
CVE-2018-15360
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0...
CVE-2018-15357
Eltex ESP-200 may disclose password hashes. Affected product: ESP-200 firmware version 1.2.0. Vulnerability: authenticated user with low privileges can extract password hash information for all users (information disclosure). Root cause: information disclosure in firmware 1.2.0 is documented acro...
CVE-2018-15359
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0...
PT-2018-12993 · Eltex · Eltex Esp-200 +1
Name of the Vulnerable Software and Affected Versions: Eltex ESP-200 firmware version 1.2.0 Description: The issue allows an authenticated attacker with low privileges to expand the attack surface due to an insecure sudo configuration. Recommendations: For Eltex ESP-200 firmware version 1.2.0,...