96 matches found
CVE-2020-26201
Askey AP5100WDualSIG1.01.097 and all prior versions use a weak password at the Operating System rlx-linux level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH...
CVE-2020-26201
The CVE-2020-26201 issue affects Askey AP5100W Dual SIG devices (version 1.01.097 and older) where a weak OS password on the rlx-linux layer allows an attacker to gain admin/root access via Telnet or SSH. No exploitation details are provided in the sources. Mitigations suggested in PT‑Security in...
Askey AP5100W Dual SIG Security Vulnerability
The Askey AP5100W Dual SIG is a router from Askey China. A security vulnerability exists in the Askey AP5100W Dual SIG version 1.01.097 and earlier, which stems from the use of weak passwords in the Askey AP5100W Dual SIG. An attacker can exploit the vulnerability to gain unauthorized access...
PT-2020-16337 · Rlx +1 · Rlx-Linux +1
Name of the Vulnerable Software and Affected Versions: Askey AP5100W Dual SIG versions 1.01.097 and all prior versions Description: The issue allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH, due to a weak password used at th...
Askey AP4000W Code Execution Vulnerability
The Askey AP4000W is an AP device from Askey Computer. A security vulnerability exists in the Askey AP4000W TDCV1.01.003 release. The vulnerability stems from a failure of a network system or product to properly filter special elements of externally input data during the construction of a code...
CVE-2020-8614
An issue was discovered on Askey AP4000W TDCV1.01.003 devices. An attacker can perform Remote Code Execution RCE by sending a specially crafted network packer to the bdsvr service listening on TCP port 54188...
Remote code execution
An issue was discovered on Askey AP4000W TDCV1.01.003 devices. An attacker can perform Remote Code Execution RCE by sending a specially crafted network packer to the bdsvr service listening on TCP port 54188...
CVE-2020-8614
CVE-2020-8614 concerns the Askey AP4000W TDC_V1.01.003 device. A vulnerability allows a remote attacker to achieve Remote Code Execution (RCE) by sending a specially crafted network packet to the bd_svr service listening on TCP port 54188. The information available across connected documents conf...
CVE-2020-8614
An issue was discovered on Askey AP4000W TDCV1.01.003 devices. An attacker can perform Remote Code Execution RCE by sending a specially crafted network packer to the bdsvr service listening on TCP port 54188...
Unspecified Vulnerability in Fastweb Askey RTV1907VW
The Fastweb Askey RTV1907VW is a router from Fastweb Italy. A security vulnerability exists in Fastweb Askey RTV1907VW version 0.00.81FW200Askey 2018-10-02 18:08:18. An attacker can exploit this vulnerability to inject and execute commands via HTTP request using the usbremove service...
CVE-2019-12489
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81FW200Askey 2018-10-02 18:08:18 devices. By using the usbremove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter...
CVE-2019-12489
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81FW200Askey 2018-10-02 18:08:18 devices. By using the usbremove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter...
Command injection
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81FW200Askey 2018-10-02 18:08:18 devices. By using the usbremove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter...
CVE-2019-12489
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81FW200Askey 2018-10-02 18:08:18 devices. By using the usbremove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter...
CVE-2019-12489
The connected CNVD entry confirms a concrete vulnerability in Fastweb Askey RTV1907VW devices (version 0.00.81_FW_200_Askey 2018-10-02 18:08:18) where the usb_remove service, invoked over HTTP, allows injecting and executing commands within the mount parameter. This is described as a command‑inje...
DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up
A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys http://www.youtube.com/watch?v=cv-MbL7KFKE. Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCodeBroadcomSecurityAdvisory.pdf During further research, we have discovered that...