Eir’s D1000 Modem Is Wide Open To Being Hacked.

Background The Eir D1000 Modem has bugs that allow an attacker to gain full control of the modem from the Internet. The modem could then be used to hack into internal computers on the network, as a proxy host to hack other computers or even as a bot in a botnet. A port scan of the the modem...

Eir D1000 Arbitrary Command Execution Vulnerability

The Eir D1000 is a modem from Eir Ireland. A security vulnerability exists in the Eir D1000 modem that stems from the program failing to properly restrict the TR-064 protocol. A remote attacker can exploit the vulnerability to execute arbitrary commands on TCP port 7547...

CVE-2016-10372

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

Design/Logic Flaw

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

CVE-2016-10372

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

CVE-2016-10372

CVE-2016-10372 affects the Eir D1000 modem. The root cause is improper restriction of the TR-064 protocol, allowing remote attackers to execute arbitrary commands via TCP port 7547. Reported demonstrations include opening WAN access to port 80, retrieving the login password (which defaults to the...

Zyxel D1000 CWMP Get Default Password

Nessus was able to acquire the password from the Zyxel D1000 device by using CWMP commands over the TR-064 protocol. This protocol is typically open on port 7547. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid96448; scriptversion"1.5";...

Zyxel / Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

require 'msf/core' class MetasploitModule 'Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064', 'Description' = %q Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer'...

VulnCheck KEV: CVE-2016-10372

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password which defaults to the Wi-Fi password, and using the NewNTPServer...

Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

Eir D1000 Routers Remote Code Execution

A vulnerability exists in the firmware of Eir D1000 routers. A remote unauthenticated attacker could exploit this vulnerability in order to run arbitrary code on the affected device...

Eir D1000 Modem CWMP Remote Command Execution

The Eir D1000 Modem has bugs that allow an attacker to gain full control of the modem from the Internet. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)

=begin Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection Date: 7th November 2016 Exploit Author: Kenzo Website: https://devicereversing.wordpress.com Tested on Firmware version: 2.00AADU.520150909 Type: Webapps Platform: Hardware Description =========== By sending certa...

Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)

Eir D1000 Wireless Router - WAN Side Remote Command Injection Metasploit =begin Exploit Title: Eir D1000 Wireless Router - WAN Side Remote Command Injection Date: 7th November 2016 Exploit Author: Kenzo Website: https://devicereversing.wordpress.com Tested on Firmware version: 2.00AADU.520150909...