FiberHome VDSL2 Modem HG 150-UB Security Bypass Vulnerability (CNVD-2018-08814)

FiberHome VDSL2 Modem HG 150-UB is a modem product from China FiberHome. A security vulnerability exists in the FiberHome VDSL2 Modem HG 150-UB. An attacker can exploit the vulnerability to bypass authentication...

FiberHome VDSL2 Modem HG 150-UB Security Bypass Vulnerability

FiberHome VDSL2 Modem HG 150-UB is a modem product from China FiberHome. A security vulnerability exists in the FiberHome VDSL2 Modem HG 150-UB. The vulnerability can be exploited to bypass authentication with the 'Cookie: Name=0admin' header...

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard...

Intel® 2G Modem firmware buffer overflow vulnerability

Intel® XMM71xx, Intel® XMM72xx, and Intel® XMM73xx are modem firmware products from Intel Corporation USA. A buffer overflow vulnerability exists in the Intel® XMM71xx, XMM72xx, XMM73xx, XMM74xx, and Sofia 3G/R, which use ETWS for modems, allowing remote attackers to potentially execute arbitrary...

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an...

Authentication flaw

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request...

Authentication flaw

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header...

CVE-2018-9249

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request...

CVE-2018-9248

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header...

CVE-2018-9248

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header...

CVE-2018-9249

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request...

CVE-2018-9248

CVE-2018-9248 affects FiberHome VDSL2 Modem HG 150-UB. The flaw allows authentication bypass via the HTTP cookie header “Cookie: Name=0admin” due to improper session handling and a hard-coded/plain-text cookie. Public evidence (NVD entry, CNVD-2018-08815, Exploit-DB entry) confirms the bypass can...

CVE-2018-9249

The CVE-2018-9249 issue affects FiberHome VDSL2 Modem HG 150-UB where authentication can be bypassed by the device’s response not enforcing login.html, due to the client-side JavaScript check (parent.location='login.html') being ignored on unauthenticated requests. Affected component: the modem’s...

FiberHome VDSL2 Modem HG 150-UB Login Bypass Vulnerability

Exploit for hardware platform in category web applications Exploit Title: FiberHome VDSL2 Modem HG 150-UB Login Bypass Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an attacke...

FiberHome VDSL2 Modem HG 150-UB Login Bypass

Exploit Title: FiberHome VDSL2 Modem HG 150-UB Login Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an attacker can bypass login page by setting the...

Code injection

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...

[SECURITY] Fedora 26 Update: torbrowser-launcher-0.2.9-1.fc26

Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install torbrowser-launcher from your distribution's package manager and it handles everything else: Downloads and installs the most recent version of Tor Browser in your lan guage and for your...

[SECURITY] Fedora 27 Update: torbrowser-launcher-0.2.9-1.fc27

Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install torbrowser-launcher from your distribution's package manager and it handles everything else: Downloads and installs the most recent version of Tor Browser in your lan guage and for your...

Aztech Modem Routers Information Disclosure Vulnerability

Aztech Modem Routers is an all-in-one modem and router product from the Aztech group of companies in Singapore. An information disclosure vulnerability exists in Aztech Modem Routers. The vulnerability can be exploited by an attacker to gain access to sensitive information, which can be used to...

Multiple Aztech Modem Router Products Session Hijacking Vulnerability

Aztech Modem Routers is an all-in-one modem and router product from the Aztech group of companies in Singapore. A session hijacking vulnerability exists in multiple Aztech Modem Routers products. An attacker could exploit this vulnerability to gain access to affected devices...