Lucene search
K

13 matches found

The Hacker News
The Hacker News
added 2024/08/29 11:5 a.m.86 views

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 CVSS score: 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...

10CVSS9.1AI score0.99975EPSS
Exploits13
The Hacker News
The Hacker News
added 2023/03/17 12:7 p.m.266 views

New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service DDoS attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime...

10CVSS0.1AI score0.99975EPSS
Exploits8
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.125 views

K57390658: miniigd SOAP service in Realtek SDK vulnerability CVE-2014-8361

Security Advisory Description The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. CVE-2014-8361 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

10CVSS9.2AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 12:0 a.m.110 views

JVN#67456944: Multiple vulnerabilities in multiple Aterm products

Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score...

10CVSS9AI score0.99975EPSS
Exploits6
ThreatPost
ThreatPost
added 2018/12/20 8:41 p.m.219 views

Huawei Router Flaw Leaks Default Credential Status

A vulnerability in some Huawei routers used for carrier ISP services allows cybercriminals to identify whether the devices have default credentials or not – without ever connecting to them. CVE-2018-7900 exists in the router panel and allows credentials information to leak – so attackers can simp...

10CVSS1.4AI score0.99975EPSS
Exploits29References4
ThreatPost
ThreatPost
added 2018/02/02 1:32 p.m.77 views

JenX Botnet Has Grand Theft Auto Hook

Researchers at Radware have discovered a new botnet that uses vulnerabilities linked with the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect IoT devices. Satori is a derivative of Mirai, the notorious botnet that in 2016 infamously managed to take down Dyn, a D...

10CVSS9.3AI score0.99975EPSS
Exploits8References9
Check Point Advisories
Check Point Advisories
added 2016/09/20 12:0 a.m.29 views

Realtek SDK Miniigd AddPortMapping SOAP Action Command Injection (CVE-2014-8361)

A command injection vulnerability exists in Realtek SDK. The vulnerability is due to lack of input sanitization on user-supplied data when processing the NewInternalClient requests to the miniigd SOAP service. By sending a crafted SOAP request to the affected service, a remote unauthenticated...

10CVSS8.5AI score0.99975EPSS
Exploits6
Circl
Circl
added 2015/06/01 12:0 a.m.25 views

CVE-2014-8361

creationtimestamp| type| source ---|---|--- 2015-06-01 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/37169 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/realtekminiigdupnpexecnoauth.rb 2018-05-29...

10CVSS7.3AI score0.99975EPSS
In wildExploits6References15
Packet Storm
Packet Storm
added 2015/05/29 12:0 a.m.218 views

Realtek SDK Miniigd UPnP SOAP Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Realtek SDK Miniigd UPnP SOAP Command Execution', 'Description' = %q Different devices using the Realtek SDK with the miniigd daemon...

10CVSS0.2AI score0.99975EPSS
Exploits6
Metasploit
Metasploit
added 2015/05/03 4:9 p.m.40 views

Realtek SDK Miniigd UPnP SOAP Command Execution

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR...

9.8CVSS7.5AI score0.99975EPSS
Exploits6
NVD
NVD
added 2015/05/01 3:59 p.m.33 views

CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023...

10CVSS7.6AI score0.99975EPSS
Exploits6References10
Vulnrichment
Vulnrichment
added 2015/05/01 12:0 a.m.18 views

CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023...

7.9AI score0.99975EPSS
Exploits6References9
CVE
CVE
added 2015/05/01 12:0 a.m.692 views

CVE-2014-8361

CVE-2014-8361 affects Realtek SDK’s miniigd UPnP SOAP service. The root cause is improper input validation in the NewInternalClient handling, enabling a remote attacker to execute arbitrary code. The description notes exploitation in the wild through 2023. Related sources indicate this vulnerabil...

10CVSS8.1AI score0.99975EPSS
In wildExploits6References10Affected Software1
Rows per page
Query Builder