16 matches found
EUVD-2017-3203
Malware in sbrugna...
EUVD-2017-3202
Malware in sbrugna...
CVE-2017-11589
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd,...
CVE-2017-11587
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI...
Command injection
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command...
CVE-2017-11588
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command...
Directory traversal
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI...
CVE-2017-11587
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI...
CVE-2017-11589
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd,...
CVE-2017-11588
Summary: CVE-2017-11588 affects Cisco DDR2200 and DDR2201v1 ADSL2+ Residential Gateways. A remote command execution vulnerability exists due to shell metacharacters in the pingAddr parameter of the waitPingqry.cgi endpoint, with the attacker’s command output retrievable at /PingMsg.cmd. The NVD r...
Cisco DDR2200 ADSL2+ Residential Gateway and DDR2201v1 ADSL2+ Residential Gateway Remote Code Execution Vulnerabilities
The Cisco DDR2200 ADSL2+ Residential Gateway and DDR2201v1 ADSL2+ Residential Gateway are both home wireless gateway devices from Cisco. Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA- A remote code...
Cisco DDR2200 ADSL2+ Residential Gateway and DDR2201v1 ADSL2+ Residential Gateway Directory Traversal Vulnerability
The Cisco DDR2200 ADSL2+ Residential Gateway and DDR2201v1 ADSL2+ Residential Gateway are both home wireless gateway devices from Cisco. The Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E version and the DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-...
CVE-2017-11589
CVE-2017-11589 affects Cisco DDR2200/DDR2201v1 ADSL2+ Residential Gateways. The issue is a lack of access control for multiple management pages (e.g., info.html, wancfg.cmd, rtroutecfg.cmd, etc.), allowing potential unauthorized access to sensitive configuration views. Public descriptions in NVD/...
CVE-2017-11587
CVE-2017-11587 affects Cisco DDR2200 ADSL2+ and DDR2201v1 ADSL2+ Residential Gateways. A directory traversal flaw exists in the filename parameter to the /download.conf URI, allowing potential access to arbitrary files on affected devices. Multiple sources (NVD entry and CNVD/CVE records) corrobo...
Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal Vulnerabilities
Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue. Copyright and Disclaimer: The information in this advisory is Copyright 2017 Conviso and provided so that...
Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal
Copyright and Disclaimer: The information in this advisory is Copyright 2017 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory...