CVE-2014-2321

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...

CVE-2014-2321

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...

CVE-2014-2321

CVE-2014-2321 affects ZTE F460 and F660 cable modems where the web_shell_cmd.gch backdoor allows remote attackers to obtain administrative access by sending commands (e.g., using set TelnetCfg) to enable TELNET with specified credentials. The Mozi IoT analysis additionally notes that the backdoor...

ZTE F460/F660 cable modems contain an unauthenticated backdoor

Overview ZTE F460/F660 cable modems contain an unauthenticated backdoor. Description ZTE F460/F660 cable modems contain an unauthenticated backdoor. The webshellcmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the...

D-LINK DIR-615 Cross Site Request Forgery

Exploit Title: Dlink DIR-615 Hardware Version E4 Firmware Verion 5.10 CSRF Vulnerability Google Dork: N/A Date: 19/02/2014 Exploit Author: Dhruv Shah Vendor Homepage: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-615-wireless-n-300-router Software Link: N/A Hardware Version:E4...

Using USB Modems to Phish and Send Malicious SMS Messages

Some USB modems can be leveraged to send malicious SMS messages and even carry out spear-phishing attacks – sometimes in conjunction with each other – thanks to a cross-site request forgery vulnerability present in the device’s web interfaces. According to Swedish security researcher Andreas Lind...

CVE-2012-3047

Cross-site scripting XSS vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-3047

Cross-site scripting XSS vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-3047

The CVE-2012-3047 issue affects Cisco Scientific Atlanta D20 and D30 cable modems, where the web-wizard setup page is vulnerable to Cross-site Scripting (XSS). The root cause is insufficient sanitization of user-supplied input on the web wizard setup page, enabling an unauthenticated, remote atta...

Fedora Update for hylafax+ FEDORA-2013-14396

Check for the Version of hylafax+ OpenVAS Vulnerability Test Fedora Update for hylafax+ FEDORA-2013-14396 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 19 Update: hylafax+-5.5.4-1.fc19

HylaFAXtm is a enterprise-strength fax server supporting Class 1 and 2 fax modems on UNIX systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platform...

[SECURITY] Fedora 18 Update: hylafax+-5.5.4-1.fc18

HylaFAXtm is a enterprise-strength fax server supporting Class 1 and 2 fax modems on UNIX systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platform...

Vulnerability in USB Internet Modems allows hacker to access Millions of Computers remotely

A USB Internet Modems or Data card, is a type of modem that allows your computer to receive Internet access using USB Port and connect to a GSM/CDMA network there by creating a PPPoE Point to Point protocol over Ethernet interface to your computer. Indian Security Researcher 'Rahul Sasi' found a...

Vulnerability in USB Internet Modems allows hacker to access Millions of Computers remotely

A USB Internet Modems or Data card, is a type of modem that allows your computer to receive Internet access using USB Port and connect to a GSM/CDMA network there by creating a PPPoE Point to Point protocol over Ethernet interface to your computer. Indian Security Researcher 'Rahul Sasi' found a...

Millions of DSL modems hacked in Brazil, spread banking malware

More than 4.5 million DSL modems have been compromised as part of a sustained hacking campaign in Brazil, with the devices spreading malware and malicious web address redirects. According to the malware analyst at Kaspersky Lab in Brazil, Fabio Assolini. The vulnerability exploited by attackers...

The Tale of One Thousand and One DSL Modems

This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on...

WAP Proof 2008 - Denial of Service

Description : WAP Proof is an universal emulator of a WAP browser for Microsoft Windows. It is designed for the preview and debugging of mobile websites and provide support for WML, XHTML, cHTML and HTML pages and a compatible GSM modems, such as Wavecom, Alcatel, Motorola, Nokia, Siemens, Sagem,...

WAP Proof 2008 - Denial of Service

WAP Proof 2008 - Denial of Service Description : WAP Proof is an universal emulator of a WAP browser for Microsoft Windows. It is designed for the preview and debugging of mobile websites and provide support for WML, XHTML, cHTML and HTML pages and a compatible GSM modems, such as Wavecom, Alcate...

Cisco Scientific Atlanta D20 and D30 Based Cable Modem Cross-Site Scripting Vulnerability

Cisco Scientific Atlanta cable modems D20 and D30 based products contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient sanitization of user-supplied input to the web wizard setup web page. An...

AirTies-4450 - Unauthorized Remote Reboot (Denial of Service)

!/usr/bin/perl Title: AirTies-4450 Unauthorized Remote Reboot DoS. Type: hardware Tested on firmware: AirTiesAir4450RUFW1.1.2.18.bin Author: rigan - imrigan sobachka gmail.com The description of the device from a site of the vendor: With its Access Point and Router functionality, the Air 4450...