Privilege escalation

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

UBUNTU-CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8467

CVE-2016-8467 describes a local elevation-of-privilege flaw in the Nexus bootloader that lets an attacker change the boot mode via fastboot (e.g., fastboot oem config bootmode bp-tools), thereby gaining access to the device and potentially hidden USB interfaces. The described attack alters the an...

Input validation

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

CVE-2016-10135

Technical details for CVE-2016-10135 are not publicly provided in the supplied documents; monitor for updates as connected sources do not reveal affected components or remediation.

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability

Document Title: =============== Huawei Flybox B660 - POST SMS CSRF Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2026 Release Date: ============= 2017-01-12 Vulnerability Laboratory ID VL-ID: ==================================== 2026...

Google Patches Android 'Custom Boot Mode' Vulnerability

A high-risk Android custom boot mode vulnerability was one of many bugs patched by Google as part of its January Android Security Bulletin released earlier this week. On Thursday, the IBM security team that discovered the vulnerability disclosed details about the flaw which leaves Nexus 6 and 6P...

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

require 'msf/core' class MetasploitModule 'Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064', 'Description' = %q Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer'...

Zyxel / Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

Linksys WAG120N ADSL2 + Modem Router Download Config File Vulnerability

Exploit for cgi platform in category web applications Exploit Title: Linksys WAG120N ADSL2 + Modem Router Download Config File Vulnerability Vendor Homepage: http://www.linksys.com/in/support-product?pid=01t80000003prsQAAQ Exploit : http://192.168.1.1/Routercfg.cfg Open Routercfg.cfg with Notepad...

Irancell WIMAX Modem WIXFMM-130 CSRF Accounting User Password Viewer Vulnerability

Exploit for cgi platform in category web applications Exploit Title: Irancell WIMAX Modem WIXFMM-130 CSRF Accounting User Password Viewer Vendor Homepage: http://wimax.irancell.ir/Portal/Home/ Version: WIXFMM-130 Exploit : http://192.168.1.1/ajax.cgi?action=taginitwimaxauth.php Result :...

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

Eagle Speed USB Modem Software Privilege Escalation Exploit

Eagle Speed USB modem software suffers from a privilege escalation vulnerability. !/usr/bin/python -w Title : Eagle Speed USB MODEM SOFTWARE Privilege Escalation Date : 28/11/2016 Author : R-73eN Tested on : Windows 7 Latest version of the software Software : N/A Comes with the USB Modem...

Eagle Speed USB Modem Software Privilege Escalation

!/usr/bin/python -w Title : Eagle Speed USB MODEM SOFTWARE Privilege Escalation Date : 28/11/2016 Author : R-73eN Tested on : Windows 7 Latest version of the software Software : N/A Comes with the USB Modem Vulnerability Description: When the Eagle Speed software is installed a service with name...

Router high-risk vulnerabilities induced the German telecommunications ultra 90 million users suffered network disruption-vulnerability warning-the black bar safety net

! Event overview Last weekend millions of German Internet users suffered a series of network outages, investigate its reason is a failure of the home routers hijacked. Deutsche Telekom's 2000 million users with 90 million users received the interrupt effect from the last Sunday continues to prese...

Tenda / Dlink / Tplink TD-W8961ND - DHCP Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Document Title: =============== Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability Abstract Advisory Information: ============================== The vulnerability laboratory research team discovered a persistent xss vulnerability i...