21 matches found
CVE-2019-7391
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF...
CVE-2019-7391
CVE-2019-7391 concerns a CSRF vulnerability in ZyXEL VMG3312-B10B (DSL-491HNU-B1B v2) devices. The PoC shows a cross-site request forgery on the login-page.cgi endpoint, enabling an attacker to submit a login request with admin credentials (e.g., AuthName=admin, AuthPassword=1234) from a maliciou...
Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery
Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit Version: Zyxel VMG3312-B10B Tested on : Parrot Os Author: Yusuf Furkan Twitter: h1yusuf CVE: CVE-2019-7391 model name: DSL-491HNU-B1B v2 history.pushState'', '', '/'...
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit Version: Zyxel VMG3312-B10B Tested on : Parrot Os Author: Yusuf Furkan Twitter: h1yusuf CVE: CVE-2019-7391 model name: DSL-491HNU-B1B v2 history.pushState'', '', '/'...
ZyXEL VMG3312-B10B Credential Disclosure
Exploit Title: ZyXEL VMG3312-B10B - Leak Credentials "; else continue; else echo "pfff"; ftpclose$ftpconn; ?...
ZyXEL VMG3312-B10B 1.00(AAPP.7) - Credential Disclosure
ZyXEL VMG3312-B10B 1.00AAPP.7 - Credential Disclosure Exploit Title: ZyXEL VMG3312-B10B - Leak Credentials "; else continue; else echo "pfff"; ftpclose$ftpconn; ?...
ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure
Exploit Title: ZyXEL VMG3312-B10B - Leak Credentials "; else continue; else echo "pfff"; ftpclose$ftpconn; ?...
CVE-2018-18754
ZyXEL VMG3312-B10B 1.00AAPP.7 devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file...
CVE-2018-18754
ZyXEL VMG3312-B10B 1.00AAPP.7 devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file...
Design/Logic Flaw
ZyXEL VMG3312-B10B 1.00AAPP.7 devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file...
ZyXEL VMG3312-B10B Backdoor Root Account Vulnerability
The VMG3312-B10B is a Wireless N VDSL2 4-port gateway with USB from ZyXEL. A backdoor root account vulnerability exists in the ZyXEL VMG3312-B10B 1.00 AAPP.7. An attacker can exploit this vulnerability to access this backdoor root account via a tTn3+Z@!Sr0O+ password hash in the etc/default.cfg...
CVE-2018-18754
CVE-2018-18754 affects ZyXEL VMG3312-B10B gateways (1.00(AAPP.7)) with a backdoor root account whose password hash tTn3+Z@!Sr0O+ is stored in etc/default.cfg. Multiple connected sources corroborate a backdoor/root access issue, enabling potentially unauthorized full control. NVD metrics show a hi...
CVE-2018-18754
ZyXEL VMG3312-B10B 1.00AAPP.7 devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file...
Zyxel VMG3312-B10B cross-site scripting vulnerability (CNVD-2018-17658)
The Zyxel VMG3312 B10B is an Internet access gateway device from Hopkins ZyXEL Technology. A cross-site scripting vulnerability exists in the Zyxel VMG3312 B10B. A remote attacker can exploit this vulnerability by sending the 'hostname' parameter to the...
CVE-2018-15602
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter...
Cross site scripting
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter...
CVE-2018-15602
Affected product: Zyxel VMG3312 B10B gateway devices. vulnerability: persistent cross-site scripting (XSS) in the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Root cause: improper handling of the hostname parameter leads to script/HTML injection. Impact stated in sour...
CVE-2018-15602
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter...
ZyXEL VMG3312-B10B Cross-Site Scripting Vulnerability
The VMG3312-B10B is a router product from ZyXEL. The ZyXEL VMG3312-B10B suffers from a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks...
ZyXEL VMG3312-B10B - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B1...