Tenda AC9 缓冲区错误漏洞

Tenda AC9 is a wireless router. a stack overflow vulnerability exists in the Tenda AC9 SetStaticRouteCfg function. An attacker can exploit the vulnerability to obtain a stable root shell via a constructed payload...

Totolink a3100r Trust Management Issue Vulnerability

TotoLink A3100R is a series of wireless routers from TotoLink, a Taiwan-based company. TotoLink A3100R version V5.9c.4577 is vulnerable to a trust management issue, which stems from the fact that the telnet password is hard-coded and pre-populated in the official firmware, and an attacker connect...

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

Hardcoded credentials

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on...

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

Hardcoded credentials

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

Hardcoded credentials

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

Design/Logic Flaw

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

Exploit for Improper Initialization in Linux Linux_Kernel

What is this This is Max Kellermann's proof of concept for Di...

Phicomm 多款产品信任管理问题漏洞

Phicomm PHICOMM K2 is a wireless router.PHICOMM K3 is a dual-band Gigabit wireless WiFi router.PHICOMM K3C is a dual-band Gigabit wireless WiFi router.PHICOMM K2 A7 is a dual-band Gigabit wireless WiFi router.PHICOMM K2G A1 is a dual-band Gigabit wireless WiFi router. The PHICOMM K3 is a dual-ban...

Dirty Pipe SUID Binary Hijack Privilege Escalation Exploit

Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell. // // dirtypipez.c // // hacked up Dirty Pipe CVE-2022-0847 PoC that hijacks a SUID binary to spawn // a root shell. and attempts to restore the damaged bina...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847-dirty-pipe-exploit An exploit for CVE-2022-0847...

Exploit for Improper Initialization in Linux Linux_Kernel

CVE-2022-0847 Original URL https://dirtypipe.cm4all.com/...

CVE-2022-25213

CVE-2022-25213 describes improper physical access control and hard-coded credentials in /etc/passwd that allow an attacker with physical access to obtain a root shell via an unprotected UART port, which also exposes an unauthenticated Das U-Boot BIOS shell. The description applies to devices with...

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...