Multiple D-Link Product Management Password Disclosure Vulnerability

The D-Link DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 are all wireless router products from AUO D-Link. A security vulnerability exists in multiple D-Link products. An attacker could exploit the vulnerability to cause the leakage of password information, thereby obtaining sensitive...

Cisco RV110W, RV130W, and RV215W Authorization Issues Vulnerabilities

Cisco?RV110W and others are a VPN firewall router from Cisco USA. An authorization issue vulnerability exists in the web-based management interface in the Cisco RV110W, RV130W, and RV215W, which can be exploited by a remote attacker to access information in the syslog file...

Cisco RV110W, RV130W, and RV215W Authorization Issue Vulnerabilities (CNVD-2019-25712)

Cisco RV110W and others are a VPN firewall router from Cisco USA. An authorization issue vulnerability exists in the Cisco RV110W, RV130W, and RV215W, which can be exploited by a remote attacker to obtain a list of devices connected to a guest network by accessing a URL on the web interface...

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell tested on Kali Linux and Cyanogenmod 10.2 and uses aircrack-ng to scan for clients that are currently connected to access points AP. Those...

ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

ASUS released patches for over a dozen router models on Tuesday that are each vulnerable to multiple firmware flaws that when combined give a local unauthenticated attacker the ability to execute commands as root on targeted devices. Routers models patched by ASUS are RT-AC88U, RT-AC3100, RT-AC86...

Juniper Issues Security Alert Tied to Routers and Switches

Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS. The alert was in conjunction with a warning from the U.S. Computer Emergency Readiness Team...

CVE-2017-5892

ASUS RT-AC and RT-N devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map...

Netgear Routers - Password Disclosure

Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR http://www.netgear.com/ Product: Multiple products Finding 1: Remote and Local Password Disclosure Credit: Simon Kenin of Trustwave SpiderLabs CVE:...

Backdoor credentials found in 4 TOTOLINK router models

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Backdoor credentials found in 4 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt Blog URL:...

4 TOTOLINK router models vulnerable to CSRF and XSS attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...

4 TOTOLINK Router Models - Backdoor Credentials

4 TOTOLINK Router Models - Backdoor Credentials Advisory Information Title: Backdoor credentials found in 4 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt Blog URL:...

8 TOTOLINK Router Models - Backdoor Access / Remote Code Execution

Advisory Information Title: Backdoor and RCE found in 8 TOTOLINK router models Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x02.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html Date published: 2015-07-16 Vendors...

D-Link cloud routing memory vulnerability: hack 1 minute break or leakage of online banking passwords-vulnerability warning-the black bar safety net

D-Link cloud routing memory the vulnerability may leak password Relates to 1 of 7 models; the Friends of the news group in English official website released four of the model number Router the patch, but there is no Chinese version of the Beijing news news recently, the domestic security experts...

Linksys E-Series TheMoon Remote Command Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Linksys E-Series TheMoon Remote Command Injection', 'Description' = %q Some Linksys E-Series Routers are vulnerable to an...

[RouterPassView] Recover lost password from router backup file

Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed. The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless...

ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure

ASUS routers, which are enabled with the AiCloud service SSL ports, are vulnerable to bypass of authentication and sensitive file disclosure. This vulnerability has been observed in all firmware versions, though the latest version increases the complexity of the attack. By sending a special craft...

Ghost catcher of the eye(ZoomEye)on the D-Link back door of the statistical analysis report-vulnerability warning-the black bar safety net

Background Security researcher reverse engineering to discover the embedded equipment manufacturers Taiwan, Information Technology D-Link router models Use the firmware system in the presence of the back door. The D-Link firmware by its U.S. subsidiary Alpha Networks development. Hackers only nee...

D-Link Planning to Patch Router Backdoor Bug

D-Link is in the process of developing a patch for a serious security vulnerability in some of its older routers that essentially functions as a backdoor. The bug, discovered by a security researcher and publicized over the weekend, enables a remote user to log into an affected router as an...

Re: OS-Command Injection via UPnP Interface in multiple D-Link devices

I can concur these issues exist in several other models as well. In fact, on any UPnP enabled D-Link from 868L and down, merely selecting "Display Hidden Elements" inside the developer tool bar, will expose the entire administrative GUI. Additional models I found the same bug, though I'm so sure...

Telecom Italia Alice Pirelli routers Backdoor from internal LAN/WAN

No description provided by source. saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE...