17 matches found
Buffalo WSR-2533DHPL2 - Path Traversal
Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...
HughesNet HT2000W Satellite Modem - Password Reset Exploit
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib red = "\0330;41m...
HughesNet HT2000W Satellite Modem Password Reset
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Date: 7/16/24 Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib re...
HughesNet HT2000W Satellite Modem - Password Reset
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Date: 7/16/24 Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib re...
Joint Advisory AA22-279A and Vulristics
Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...
Buffalo Router Path Traversal (CVE-2021-20090)
Binary data buffaloCVE-2021-20090pathtraversal.nbin...
Command injection
The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...
CVE-2021-20122
The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass...
CVE-2021-38703
Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...
Design/Logic Flaw
Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...
Buffalo Routers Directory Traversal (CVE-2021-20090; CVE-2021-20091)
A directory traversal vulnerability exists in Buffalo routers. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Buffalo和Arcadyan多款路由器认证绕过RCE等多个漏洞
Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...
Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers
Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 CVSS...
CVE-2021-20090
creationtimestamp| type| source ---|---|--- 2021-08-04 11:27:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3986 2021-08-08 08:22:21+00:00| exploited| https://t.me/cKure/6532 2021-08-08 14:28:35+00:00| exploited| https://t.me/CyberSecurityTechnologies/4021 2021-08-08...
Arcadyan-based routers and modems vulnerable to authentication bypass
Overview A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration. Description The...
CVE-2021-20090
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 could allow unauthenticated remote attackers to bypass authentication. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
CVE-2021-20090
The CVE-2021-20090 issue affects Buffalo WSR-series routers (WSR-2533DHPL2 <= 1.02 and WSR-2533DHP3