277 matches found
Aztech Modem Routers - Session Hijacking
source: https://www.securityfocus.com/bid/69811/info Multiple Aztech Modem Routers are prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected device. !/usr/bin/perl Title: Aztech Modem Broken Session Management Exploit Author: Er...
Some Cable Modems Found to Leak Sensitive Data Via SNMP
Cable modems sold by two manufacturers expose a wide variety of sensitive information over SNMP, including usernames and passwords, WEP keys and SSIDs. Researchers who discovered the vulnerabilities say they’re trivially exploitable and plan to release Metasploit modules for them later this month...
Black Hat News Wrap Podcast
Dennis Fisher, Mike Mimoso and Brian Donohue discuss the news from day one of Black Hat, including the Dan Geer keynote, attacks on mobile broadband modems and carriers’ control of mobile phones. Download: Black-Hat-Day-One-Podcast.mp3 Music by Chris Gonsalves...
Mobile Broadband Modems Seen as Easy Targets for Attackers
LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market...
2wire Modems/Routers CRLF - Denial of Service Exploit
No description provided by source. //Vulnerable: //2Wire OfficePortal 0 //2Wire HomePortal 1500W //2Wire HomePortal 100W //2Wire HomePortal 100S //2Wire HomePortal 1000W //2Wire HomePortal 1000SW //2Wire HomePortal 1000S //2Wire HomePortal 1000 //2Wire HomePortal 0...
Virata EmWeb R6.0.1 - Remote Crash Vulnerability
No description provided by source. Exploit Title: Virata EmWeb R6.0.1 Remote Crash Vulnerability Date: 06/04/10 Author: Jobert Abma Online 24 Email: j.abmaatonline24dotnl Version: R6.0.1 Tested on: linux CVE : Code : This was written for educational purpose. Use it at your own risk. Author will b...
Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/695/info Hybrid Network's cable modems are vulnerable to several different types of attack due to a lack of authentication for the remote administration/configuration system. The cable modems use a protocol called HSMP,...
CVE-2014-2946
Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...
CVE-2014-2946
CVE-2014-2946 is a CSRF vulnerability in the Huawei E303 Web UI, affecting api/sms/send-sms. The issue affects Web UI version 11.010.06.01.858 on software 22.157.18.00.858 and allows an attacker to hijack administrator authentication to perform API operations, including sending SMS messages via c...
SNMP Public Community String Zero Day in Routers Disclosed
Researchers have discovered previously unreported problems in SNMP on embedded devices where devices such as secondary market home routers and a popular enterprise-grade load balancer are leaking authentication details in plain text. The data could be extracted by gaining access to the read-only...
ZTE F460 / F660 Cable Modems web_shell_cmd.gch Administrative Backdoor
Nessus was able to access the 'webshellcmd.gch' script on the device, which is a backdoor that allows administrative commands to be run on the device without authentication. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid73104; scriptversion"1.5"; scriptcvsdate"Date:...
CVE-2014-2321
webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...
CVE-2014-2321
webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...
CVE-2014-2321
CVE-2014-2321 affects ZTE F460 and F660 cable modems where the web_shell_cmd.gch backdoor allows remote attackers to obtain administrative access by sending commands (e.g., using set TelnetCfg) to enable TELNET with specified credentials. The Mozi IoT analysis additionally notes that the backdoor...
ZTE F460/F660 cable modems contain an unauthenticated backdoor
Overview ZTE F460/F660 cable modems contain an unauthenticated backdoor. Description ZTE F460/F660 cable modems contain an unauthenticated backdoor. The webshellcmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the...
D-LINK DIR-615 Cross Site Request Forgery
Exploit Title: Dlink DIR-615 Hardware Version E4 Firmware Verion 5.10 CSRF Vulnerability Google Dork: N/A Date: 19/02/2014 Exploit Author: Dhruv Shah Vendor Homepage: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-615-wireless-n-300-router Software Link: N/A Hardware Version:E4...
Using USB Modems to Phish and Send Malicious SMS Messages
Some USB modems can be leveraged to send malicious SMS messages and even carry out spear-phishing attacks – sometimes in conjunction with each other – thanks to a cross-site request forgery vulnerability present in the device’s web interfaces. According to Swedish security researcher Andreas Lind...
CVE-2012-3047
Cross-site scripting XSS vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-3047
Cross-site scripting XSS vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-3047
The CVE-2012-3047 issue affects Cisco Scientific Atlanta D20 and D30 cable modems, where the web-wizard setup page is vulnerable to Cross-site Scripting (XSS). The root cause is insufficient sanitization of user-supplied input on the web wizard setup page, enabling an unauthenticated, remote atta...