General Electric D20ME TFTP Server Buffer Overflow / Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework The General Electric D20 and possibly other devices have numerous buffer overruns in their TFTP servers and probably other servers. There are many buffer overruns like i...

General Electric D20 Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module grabs the device configuration from a GE D20M RTU and parses the usernames and passwords from it. class MetasploitModule 'General Electric D20 Password...

CVE-2012-6663

General Electric D20ME devices are not properly configured and reveal plaintext passwords...

Code injection

General Electric D20ME devices are not properly configured and reveal plaintext passwords...

CVE-2012-6663

General Electric D20ME devices are not properly configured and reveal plaintext passwords...

CVE-2012-6663

CVE-2012-6663 affects General Electric D20ME/D20M RTUs. The available connected documentation confirms a vulnerability where device configurations are accessible via TFTP and reveal plaintext usernames and passwords due to improper configuration. The exploitation path is evidenced by the Metasplo...

General Electric D20 Password Recovery

A data leakage vulnerability has been reported in General Electric D20ME. The vulnerability is due to improper security restrictions. A remote attacker can exploit this issue by sending a specially crafted TFTP requests to the target. Successful exploitation would allow an attacker to steal...