16 matches found
CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
CVE-2022-4982 DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
CVE-2022-4982
CVE-2022-4982 affects DBLTek GoIP-1 firmware up to GHSFVT-1.1-67-5, where the web server’s frame.html and frame.A100.html handlers accept a path parameter (content or sidebar) that is not properly validated or canonicalized, enabling local file inclusion via directory-traversal sequences. An atta...
PT-2025-46730
Name of the Vulnerable Software and Affected Versions DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 Description The GoIP-1 device firmware contains a local file inclusion issue. The web server exposes handlers frame.html and frame.A100.html that accept a path parameter conte...
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
CVE-2017-20204
CVE-2017-20204 affects DBLTek GoIP voice gateway devices (GoIP 1, 4, 8, 16, 32). The Telnet admin interface contains an undocumented vendor backdoor that enables remote authentication as an undocumented user via a flawed challenge–response scheme. Because the challenge can be derived from itself,...
DBLTek GoIP 安全漏洞
DBLTek GoIP is a voice gateway device from Deborah DBLTek China. A security vulnerability exists in the DBLTek GoIP that stems from an undocumented vendor backdoor in the Telnet management interface that could lead to remote code execution and full control of the device...
PT-2025-42215
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
Dbltek GoIP - Local File Inclusion Vulnerability
Exploit Title: Dbltek GoIP - Local File Inclusion Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway...
Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion
Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...
Dbltek GoIP - Local File Inclusion
Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...
DblTek GoIP GSM Gateway Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits DblTek GoIP GSM Gateway Multiple Vulnerabilities Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop,...
DblTekGoIPPwn - Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, execute remote commands botnet style, and generate responses to challenges
Tool to exploit challenge response system in vulnerable DblTek GoIP devices. Can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host. The Vulnerability On March 2nd, 2017, Trustwave...
DBLTek GoIP 'dbladm' User Unauthorized Access Vulnerability
DBL Technology is a communication equipment manufacturer located in Shenzhen, China. Its main products include GSM voice gateway, IP telephony gateway, enterprise softswitch, etc., which are mostly used by telephony companies and VoIP service providers. An unauthorized access vulnerability exists...