27 matches found
EUVD-2018-13041
Malware in sbrugna...
EUVD-2018-6443
Malware in sbrugna...
Inteno IOPSYS 3.16.4 Root Filesystem Access
Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare Authenticated Date: 2020-03-29 Exploit Author: Henrik Pedersen Vendor Homepage: https://intenogroup.com/ Version: Iopsys -p -k Requires: impacket websocket-client On Windows: pyreadline """ def ubusAuthhost, username,...
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare Authenticated Date: 2020-03-29 Exploit Author: Henrik Pedersen Vendor Homepage: https://intenogroup.com/ Version: Iopsys -p -k Requires: impacket websocket-client On Windows: pyreadline """ def ubusAuthhost, username,...
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
Design/Logic Flaw
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
CVE-2018-20487
This CVE affects the firewall3 component of Inteno IOPSYS 1.0–3.16. A JSON-RPC call to add a firewall rule as an “include” can point the path to a malicious script/binary, which is executed as root when changes are committed. Affected software: Inteno IOPSYS firewall3. Root-level impact: arbitrar...
Design/Logic Flaw
readtmp and writetmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp...
CVE-2018-14533
readtmp and writetmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp...
CVE-2018-14533
readtmp and writetmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp...
Inteno IOPSYS - (Authenticated) Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" re...
Inteno IOPSYS p910nd Arbitrary File Read Vulnerability
Inteno IOPSYS is a suite of open service delivery platforms from Inteno Broadband Technologies in Sweden. The platform consists of a gateway operating system, a home portal, and a variety of software development kits. p910nd is one of the print daemons. A security vulnerability exists in p910nd o...
CVE-2018-10123
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100...
Code injection
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100...
CVE-2018-10123
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100...
CVE-2018-10123
CVE-2018-10123 affects Inteno IOPSYS p910nd, with vulnerable versions 2.0 through 4.2.0. A remote attacker can connect to TCP port 9100 and read arbitrary files or append data to arbitrary files, enabling information disclosure and, per exploit descriptions, potential remote code execution. Publi...
Inteno IOPSYS 2.0 - 4.2.0 p910nd Remote Command Execution
''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...
Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution
Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...