Seagate GoFlex Satellite Remote Telnet Default Password

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password Title: Seagate GoFlex Satellite Remote Telnet Default Password Advisory ID: KL-001-2015-007 Publication Date: 2015.12.18 Publication URL:...

Linksys EA6100 Wireless Router Authentication Bypass

Vulnerability Details Affected Vendor: Linksys Affected Product: EA6100 - EA6300 Wireless Router Affected Version: 1.1.5 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel Impact: Remote Administration Attack vector: HTTP CVE-ID: 2...

Cradlepoint MBR 1200 / 1400 Local File Inclusion

Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR12...

Cradlepoint MBR1400 and MBR1200 - Local File Inclusion

Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint routers. So far looks like it works on MBR1400 and MBR12...

Cradlepoint MBR1400 and MBR1200 Local File Inclusion Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoi...

Cradlepoint MBR1400 and MBR1200 - Local File Inclusion

Cradlepoint MBR1400 and MBR1200 - Local File Inclusion Exploit Title: Cradlepoint MBR LFI Date: 7/7/2015 Exploit Author: DocHak Vendor Homepage: https://cradlepoint.com/ Version: 1200/1400 REQUIRED Tested on: Embedded linux I found a local file include with root level permissions on cradlepoint...

ipTIME DHCP Remote Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:...

HPSBHF03119 rev.3 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution

Potential Security Impact Remote code execution VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow...

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

Embedded Device Security, BadUSB, Car Hacking at Black Hat

LAS VEGAS — At the risk of diving headfirst into the Internet of Things fray, embedded device security emerged as a shiny new penny during last week’s Black Hat and DEF CON festivities. Firmware is the new hacker black, and everything from USB sticks, to home routers, to automobiles is in play fo...

Advantech Embedded Linux Operating System Detection

Binary data 8053.prm...

IBM 1754 GCM16 1.18.0.22011 Command Execution Vulnerability

IBM 1754 GCM16 versions 1.18.0.22011 and below contain a flaw that allows a remote authenticated user to execute unauthorized commands as root. This flaw exist because webapp variables are not sanitized. In this case, parameters $count and $size from ping.php allow to create a special crafted URL...

Serious Vulnerabilities Found in Popular Home Wireless Routers

Hackers love to attack Java. Why? Well, not only because it is full of holes, but because it’s everywhere, embedded on endpoints, Web browsers, mobile devices and more. The same goes for attacking wireless routers; they’re buggy and they’re everywhere. A handful of vulnerabilities were identified...

Polycom Firmware Update Command Injection

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...

[TSI-ADV-1202] Polycom Web Management Interface O.S. Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===== Tempest Security Intelligence - Advisory 02 / 2012 ============ Polycom Web Management Interface O.S. Command Injection ------------------------------------------------------- Authors: - Joao Paulo Caldas Campello: - @jpcampello -...

Polycom Web Management Interface Directory Traversal

===== Tempest Security Intelligence - Advisory 01 / 2012 ================== Path Traversal on Polycom Web Management Interface -------------------------------------------------- Authors: - Heyder Andrade: - @heyderandrade - http://linkedin.com/in/heyderandrade - - Joao Paulo Caldas Campello: -...

Researchers spot router-based botnet worm

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm zdnet.com targeting routers and DSL modems. The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem and launchi...

Netgear embedded Linux for the SSL312 router DOS Vulnerability

No description provided by source. / / / / / / / / / / / / / // / / / / / / / / / // / / / // // / / / / / // ///// // // // Helith - 0815 -------------------------------------------------------------------------------- Author : Rembrandt Date : 2008-02-27 Affected Software: propietary CGI Affect...

Netgear SSL312 Router - Denial of Service

/ / / / / / / / / / / / / // / / / / / / / / / // / / / // // / / / / / // ///// // // // Helith - 0815 -------------------------------------------------------------------------------- Author : Rembrandt Date : 2008-02-27 Affected Software: propietary CGI Affected OS : Netgear embedded Linux for...