CVE-2022-44420

The CVE-2022-44420 entry describes a vulnerability in the UNISOC modem module where there is a missing verification of the HashMME value in the Security Mode Command, enabling local denial of service with no additional privileges. This is a local-access issue with impact on availability (HIGH) an...

CVE-2022-25726

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet...

Design/Logic Flaw

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call...

Null pointer dereference

Denial of service in MODEM due to improper pointer handling...

CVE-2022-33276 Buffer copy without checking size of input in Modem

Memory corruption due to buffer copy without checking size of input in modem while receiving WMIREQUESTSTATSCMDID command...

CVE-2022-27874

Improper authentication in some IntelR XMMTM 7560 Modem software before version M27560R01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access...

CVE-2022-20083

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID:...

Out-of-bounds

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID:...

ASB-A-231275475

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation...

Quectel RG502Q-EA 操作系统命令注入漏洞

The Quectel RG502Q-EA is a 5G Sub-6 GHz LGA module from China Mobile Communications Quectel optimized for IoT and M2M applications. The Quectel RG502Q-EA suffers from a security vulnerability that stems from a security issue in the way the OTA download process operates, which can be exploited by ...

Code injection

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing...

ZTE ZXHN F670 Command Injection Vulnerability

The ZTE ZXHN F670 is a modem from China's ZTE Corporation ZTE. A command injection vulnerability exists in the ZTE ZXHN F670. An attacker can exploit this vulnerability to execute illegal commands...

Airties AIR5443v2 1.0.0.18 Cross Site Scripting

Exploit Title: Airties AIR5443v2 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Tested on: MacOS High Sierra / Linux Mint / Windows 10 CVE : CVE-2018-17590 A...

UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass(CVE-2017-14243)

Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability CVE: CVE-2017-14243 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: UTStar WA3002G4 ADSL Broadband Modem Firmware version: WA3002G4-0021.01...

Silent Circle Blackphone Icera Modem Security Patch

Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device’s modem and perform any number of actions. The update was released Dec. 7 in version 1.1.13 RC3; details of th...

D-Link DSL-2730B Modem - Lancfg2get.cgi Persistent Cross-Site Scripting

D-Link DSL-2730B Modem - Lancfg2get.cgi Persistent Cross-Site Scripting Exploit Title: D-Link DSL-2730B Modem lancfg2get.cgi Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and...

D-Link DSL-2730B Modem - 'Lancfg2get.cgi Persistent Cross-Site Scripting

Exploit Title: D-Link DSL-2730B Modem lancfg2get.cgi Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and Linux !/usr/bin/perl Date dd-mm-aaaa: 11-11-2014 Exploit for D-Link...

New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Denial of Service, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and thi...

Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities

=============================================================== Scientific Atlanta DPC2100 Cable Modem Cross-Site Request Forgery and Insufficient Authentication May 24, 2010 CVE-2010-2025, CVE-2010-2026 =============================================================== ==Description== Scientific...

CVE-1999-0359

ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords...