151 matches found
CVE-2020-15833
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner...
CVE-2013-3619
Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before SMTX9317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the 1 Lighttpd web server SSL interface and the 2 Dropbear S...
CVE-2018-5399
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
Hardcoded credentials
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password onl...
The vulnerability of the SSH Dropbear session management software lies in insufficient input data validation, allowing an attacker to execute arbitrary code.
The vulnerability of the SSH Dropbear session management software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using the percent symbol “%” as a format specifier in arguments for “username” or “host”...
Dropbear Symlink Local File Read Vulnerability (CVE-2017-9079)
Dropbear is prone to a local file read vulnerability via symlinks. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Dropbear SSH < 2015.68.0 DoS
Binary data 700026.prm...
Dropbear SSH Remote < 0.43.0 Privilege Escalation
Binary data 700025.prm...
Dropbear SSH < 2016.72.0 Command Injection
Binary data 700027.prm...
Dropbear SSH Server Detection
Binary data 700029.prm...
CVE-2016-7407
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...
CVE-2016-7406
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...
Format string
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...
CVE-2016-7406
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...
CVE-2016-7406
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2 host argument...
CVE-2016-7408
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted 1 -m or 2 -c argument...
Code injection
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted 1 -m or 2 -c argument...
CVE-2016-7409
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...
CVE-2016-7409
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...
Design/Logic Flaw
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUGTRACE, allows local users to read process memory via the -v argument, related to a failed remote ident...