CVE-2017-17463

Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and pskwepkey fields...

CVE-2017-17463

CVE-2017-17463 affects Vivo modems. The vulnerability allows remote attackers to disclose sensitive information by reading the index.cgi?page=wifi HTML source code, with examples including ssid and psk_wepkey fields. Exploitation status, affected models/versions, root cause specifics, and remedia...

ZyXEL Modems Backup Account and Default Root Credentials (Telnet)

ZyXEL PK5001Z and C1100Z modems have default root credentials set and a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

AT&T U-verse Arris Modems NVG589 / NVG599 / 5268AC Multiple Vulnerabilities (SharknATTo)

The remote Arris device's self report model is NVG589, NVG599 or 5268AC. It is, therefor, affected by multiple vulnerabilities, including a firewall bypass, multiple instances of hardcoded credentials, privilege escalation, and remote code execution. Note: Nessus has not checked the firmware...

Arris Modems Hardcoded Backdoor Vulnerability

Arris Modems are modems produced by telecom equipment manufacturer Arris, customized for AT&T home users for on-net access. Arris Modems are vulnerable to a hard-coded backdoor vulnerability, where the modem has SSH enabled by default and allows Internet connectivity, which can be accessed by an...

Arris Modems Hardcoded Backdoor Vulnerability (CNVD-2017-24359)

Arris Modems are modems produced by telecom equipment manufacturer Arris, customized for AT&T home users for on-net access. A hard-coded backdoor vulnerability exists in Arris Modems, which have a built-in web server that allows an attacker to access the back-end administration panel through port...

Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks

Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since AT&T seems ...

Default credentials

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs...

CVE-2015-7257

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin"...

CVE-2015-7259

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs...

CVE-2015-7257

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin"...

CVE-2015-7257

The CVE-2015-7257 entry concerns ZTE ADSL ZXV10 W300 modems (versions W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57). A remote authenticated non-administrator user can change the administrator password by intercepting an outgoing password-change request and tampering the username parameter fr...

CVE-2015-7258

CVE-2015-7258 affects ZTE ADSL ZXV10 W300 modems (W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57). The CNVD/NVD entries describe an information-disclosure flaw where remote authenticated users can obtain user passwords by displaying user information in a Telnet connection. The root cause detai...

CVE-2015-7258

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection...

Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution

Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0...

Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution Vulnerability

Exploit for linux platform in category web applications Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0...

New Mirai Variant Targets Routers, Knocks 900,000 Offline

Attackers are targeting DSL routers this week with what’s being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month. According to Germany’s Deutsche Telekom 900,000 of its DSL router customers have already been targete...

Qualcomm and HackerOne Partner on Bounty Program

Qualcomm kicked off its first bug bounty program Thursday, opening the door for white hat hackers to find flaws in a dozen Snapdragon mobile chipsets and related software. Rewards for the invite-only bug bounty program top $15,000 each. HackerOne will facilitate Qualcomm’s bounty program; the...

Number of Devices Sharing Private Crypto Keys Up Sharply

Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,”...

ZTE F460/F660 Backdoor Unauthorized Access (CVE-2014-2321)

An Unauthorized Access Vulnerability exists in ZTE F460 and F660 cable modems. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands with administrator level access on the affected device...