41 matches found
Cisco IOS XE Software 安全漏洞
Cisco IOS XE is an operating system developed by Cisco for its network devices.Web UI is a feature of IOS XE software designed to simplify the deployment, management process, and enhance the user experience. The Cisco IOS XE Software web UI elevation of privilege vulnerability can be exploited by...
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
The Chinese nation-state group known as Camaro Dragon has been linked to yet another backdoor that's designed to meet its intelligence-gathering goals. Israeli cybersecurity firm Check Point, which dubbed the Go-based malware TinyNote, said it functions as a first-stage payload capable of "basic...
Binary Vulnerability in ISP Version of Soft Route for Shenzhen Baiwei Tongda Technology Co.
Shenzhen Baiwei Tongda Technology Co., Ltd. is committed to providing leading network solutions for Internet cafes, neighborhoods, hotels, businesses, and public Internet access places. A binary vulnerability exists in the ISP version of the soft router of Shenzhen BWT Technology Co. An attacker...
CVE-2018-20334
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...
CVE-2018-20334
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...
CVE-2019-20004
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...
CVE-2019-19995
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user...
CVE-2019-19995
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user...
Cross site request forgery (csrf)
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user...
CVE-2019-17506
There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password and other information via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZEDGROUP=1%0a to getcfg.php...
CVE-2019-3417
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system...
CVE-2019-11416
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...
CVE-2019-11414
CVE-2019-11414 affects Intelbras IWR 3000N devices running 1.5.0. The issue: when the administrator password is changed from a specific client IP address, administrative authorization remains available to any client at that IP, allowing complete control of the router. Root cause and detailed mech...
CVE-2019-11414
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...
CVE-2018-17777
The CVE-2018-17777 entry describes a credential-bypass on D-Link DVA-5592 A1_WI_20180823 devices. If the Parental Control PIN on the page /ui/cbpc/login is the default 0000, an attacker can bypass the login form by editing the path of the cookie sid, gaining administrator access to the router con...
Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability (Apr 2018) - Version Check
Mikrotik RouterOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-9542
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device...
PT-2017-2634 · D Link · D-Link Dir-615 Wireless N 300 Router
Name of the Vulnerable Software and Affected Versions: D-Link DIR-615 Wireless N 300 Router Description: The issue is related to weaknesses in the authentication procedure of the router's firmware. It can be exploited by a remote attacker using a modified POST request to the "login.cgi" endpoint,...
ASUS PCE-AC56 WLAN Card Utilities (PCAUSA Rawether Windows 10 x64) - Local Privilege Escalation Expl
Exploit for windows platform in category local exploits Rawether for Windows is a framework that facilitates communication between an application and the NDIS miniport driver. It’s produced by a company named Printing Communications Assoc., Inc. PCAUSA, which seems to be no longer operating...
ASUS PCE-AC56 WLAN Card Utilities (PCAUSA Rawether Windows 10 x64) - Local Privilege Escalation
ASUS PCE-AC56 WLAN Card Utilities PCAUSA Rawether Windows 10 x64 - Local Privilege Escalation. Local exploit for Winx86-64 platform Rawether for Windows is a framework that facilitates communication between an application and the NDIS miniport driver. Itâs produced by a company named Printing...