Airties AIR5453 1.0.0.18 Cross Site Scripting

Exploit Title: Airties AIR5453 - Cross-site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Tested on: MacOS High Sierra / Debian / Windows 10 CVE : CVE-2018-17593 A cross si...

Airties AIR5443v2 1.0.0.18 Cross Site Scripting

Exploit Title: Airties AIR5443v2 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Tested on: MacOS High Sierra / Linux Mint / Windows 10 CVE : CVE-2018-17590 A...

EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation

Title: EE 4GEE Mini EE400002.0044 - Privilege Escalation Date: 2018-09-22 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...

CVE-2018-14327

The installer for the Alcatel OSPREY3MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE400002.0045 sets weak permissions Everyone:Full Control for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain...

CVE-2018-14327

The installer for the Alcatel OSPREY3MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE400002.0045 sets weak permissions Everyone:Full Control for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain...

CVE-2018-14327

The installer for the Alcatel OSPREY3MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE400002.0045 sets weak permissions Everyone:Full Control for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain...

CVE-2018-14327

CVE-2018-14327 affects the Alcatel OSPREY3_MINI Modem on EE40VB 4G mobiles prior to firmware EE40_00_02.00_45. The vulnerability arises from weak directory permissions (Everyone: Full Control) on Web Connecton\EE40 and Web Connecton\EE40\BackgroundService created by the installer, enabling a loca...

EE 4GEE Mini Local Privilege Escalation

Title: EE 4GEE Mini Local Privilege Escalation Vulnerability Date: 22-09-2018 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...

EE 4GEE Mini Local Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Title: EE 4GEE Mini Local Privilege Escalation Vulnerability Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...

CVE-2018-11240

An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as o...

Command injection

An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as o...

Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable

A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda...

Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable

A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda...

CirCarLife SCADA 4.3.0 - Credential Disclosure Exploit

Exploit for hardware platform in category web applications Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0 OCPP...

CirCarLife SCADA 4.3.0 Credential Disclosure

Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 C...

CirCarLife SCADA 4.3.0 - Credential Disclosure

Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 C...

TechnicoloTC8305C Buffer Overflow Vulnerability

The Technicolor TC8305C is a modem from the French Technicolor group. A buffer overflow vulnerability exists in the Technicolor TC8305C. An attacker could exploit this vulnerability to interrupt a network connection...

Telus Actiontec T2200H Command Injection Vulnerability

The Telus Actiontec T2200H is a modem device from Telus USA. A command injection vulnerability exists in the fileshare.cmd file in the Telus Actiontec T2200H using firmware version T2200H-31.128L.03. An attacker can exploit this vulnerability to inject operating system commands with the help of...

ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Title: ASUS-DSL N10 1.1.2.217 - Authentication Bypass Author: AmnBAN team Vendor Homepage: https://www.asus.com/Networking/DSLN10C1with5dBiantenna/ Sofrware version: 1.1.2.217 CVE: N/A 1. Description: In ASUS-DSL N10 C1 modem Firmware...

Hughes Broadband Satellite Modems Remote Detection

Detection of presence of Hughes Broadband Satellite Modem. The script attempts to determine if the remote host runs Hughes Broadband Satellite Modem from the telnet banner response. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...