CVE-2019-7564

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...

EUVD-2019-17102

Malware in sbrugna...

EUVD-2018-20381

Malware in sbrugna...

CVE-2019-19823

A certain router administration interface that includes Realtek APMIB 0.11f for Boa 0.94.14rc21 stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4....

CVE-2019-19823

A certain router administration interface that includes Realtek APMIB 0.11f for Boa 0.94.14rc21 stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4....

CVE-2019-19822

A certain router administration interface that includes Realtek APMIB 0.11f for Boa 0.94.14rc21 allows remote attackers to retrieve the configuration, including sensitive data usernames and passwords. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R...

Code injection

A certain router administration interface that includes Realtek APMIB 0.11f for Boa 0.94.14rc21 allows remote attackers to retrieve the configuration, including sensitive data usernames and passwords. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R...

CVE-2019-19822

The CVE-2019-19822 entry concerns Realtek SDK-based routers (Boa HTTP server using Realtek APMIB 0.11f) where unauthenticated remote attackers can retrieve the full router configuration (including credentials) via the config.dat file. Affected devices include TOTOLINK A3002RU (up to 2.0.0), A702R...

CVE-2019-7564

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...

Authentication flaw

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...

CVE-2019-7564

The CVE-2019-7564 entry concerns Shenzhen Coship WM3300 WiFi Router devices (notably 5.0.0.55). A password-reset function for the Wireless SSID does not require authentication, allowing an unauthenticated POST to regx/wireless/wl_security_2G.asp to change the Wi-Fi password. Red Hat and other fee...

CVE-2019-7564

An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wlsecurity2G.asp URI, the attacker can change the password of the Wi-FI...

CVE-2019-6441

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By...

Authentication flaw

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By...

CVE-2019-6441

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By...

CVE-2019-6441

CVE-2019-6441 affects Shenzhen Coship RT3050/RT3052/RT7620/WM3300 devices (firmware versions 4.0.0.40/4.0.0.48/10.0.0.49/5.0.0.54/5.0.0.55). The issue is an unauthenticated password reset function: the router’s password reset workflow does not validate the current password and requires no authent...

Coship Wireless Router 4.0.0.x / 5.0.0.x Authentication Bypass

Exploit Title: Coship Wireless Router a Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 - 4.0.0.48, Coship RT3050 - 4.0.0.40, Coship WM3300 - 5.0.0.54,...

Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset

Coship Wireless Router 4.0.0.x5.0.0.x - WiFi Password Reset Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 -...

Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset

Exploit for hardware platform in category web applications Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 - 4.0.0.48, Coship...

Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset

Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 - 4.0.0.48, Coship RT3050 - 4.0.0.40, Coship WM3300 - 5.0.0.54,...