296 matches found
D-link DIR-806 Stack Buffer Overflow Vulnerability
The Dlink DIR-806 is a wireless AC1200 dual-band router. A stack buffer overflow vulnerability exists in hnapmain in /htdocs/cgibin of the D-link DIR-806. The vulnerability can be exploited to run shellcode via a long HTTP header starting with "SOAPAction:...
The vulnerability of the Siveillance VMS software platform, related to access control deficiencies, allows a intruder to alter the device settings.
The vulnerability of the Siveillance VMS software platform relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to alter device settings using a web service...
VulnCheck KEV: CVE-2015-2051
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface...
Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications
Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...
i4 assistant cross-site scripting vulnerability
i4 assistant is a specialized management tool for Apple mobile devices from China for Aipu Information Technology Company. A cross-site scripting vulnerability exists in i4 assistant version 7.85. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via th...
CVE-2018-9525
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFICHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, wi...
The vulnerability of Canon’s microprogrammed software for printers stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.
The vulnerability of Canon printer’s microprogramming software is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...
Sonos Speakers Information Disclosure Vulnerability (Apr 2018) - Active Check
Sonos speakers are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/a:sonos:...
How to restrict users to access device settings on Samsung devices in KIOSK mode
Restrict users to access device settings in Samsung KIOSK mode...
Software Defined Radio Attack Tool: RFCrack
RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...
Cross site request forgery (csrf)
An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery CSRF vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead...
VulnCheck KEV: CVE-2015-2052
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface...
The vulnerability of the microprogrammed software of the BINOM3 Universal Multifunctional Electric Power Quality Meter lies in the lack of authentication, which allows attackers to gain access to the device’s settings.
The vulnerability of the microprogrammed software of the BINOM3 Universal Multifunctional Electric Power Quality Meter is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device and perform arbitrary settin...
CVE-2017-16563
Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)
Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...
CVE-2017-10846
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors...
Authentication flaw
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors...
CVE-2017-10846
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors...
MFC-J960DWN vulnerable to cross-site request forgery
Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
WK UDID v1.0.1 iOS - Command Inject Vulnerability
Document Title: =============== WK UDID v1.0.1 iOS - Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1539 Release Date: ============= 2016-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 1539...