EUVD-2017-5770

Malware in sbrugna...

EUVD-2017-5772

Malware in sbrugna...

EUVD-2017-5771

Malware in sbrugna...

EUVD-2018-2604

Malware in sbrugna...

EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 Hard-Coded Credentails Vulnerability

Exploit for hardware platform in category web applications EE 4GEE HH70 Home Router Hardcoded Root SSH Credentials Advisory Hardware Version/Model: 4GEE Router HH70VB-2BE8GB3 HH70VB Vulnerable Software Version: HH70E102.0019 Patched Software Version: HH70E102.0021 Vulnerability CVEs: CVE-2018-105...

EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 Hard-Coded Credentails

EE 4GEE HH70 Home Router Hardcoded Root SSH Credentials Advisory Hardware Version/Model: 4GEE Router HH70VB-2BE8GB3 HH70VB Vulnerable Software Version: HH70E102.0019 Patched Software Version: HH70E102.0021 Vulnerability CVEs: CVE-2018-10532 Product URL:...

Hardcoded credentials

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70E102.0019 devices. Hardcoded root SSH credentials were discovered to be stored within the "coreapp" binary utilised by the EE router for networking services. An attacker with knowledge of the default password oelinux123 could login to the rout...

CVE-2018-10532

CVE-2018-10532 affects EE 4GEE HH70VB-2BE8GB3 devices running HH70_E1_02.00_19. The vulnerability stems from hardcoded root SSH credentials stored in the core_app binary, allowing an attacker who knows the default password (oelinux123) to log in as root via SSH. This can lead to loss of confident...

EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation

EE 4GEE Mini EE400002.0044 - Privilege Escalation Title: EE 4GEE Mini EE400002.0044 - Privilege Escalation Date: 2018-09-22 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...

EE 4GEE Mini Local Privilege Escalation

Title: EE 4GEE Mini Local Privilege Escalation Vulnerability Date: 22-09-2018 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...

Cross site request forgery (csrf)

EE 4GEE WiFi MBB before EE600005.0031 devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings...

CVE-2017-14268

EE 4GEE WiFi MBB before EE600005.0031 devices have XSS in the smscontent parameter in a getSMSlist request...

CVE-2017-14267

EE 4GEE WiFi MBB before EE600005.0031 devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings...

CVE-2017-14268

EE 4GEE WiFi MBB before EE600005.0031 devices have XSS in the smscontent parameter in a getSMSlist request...

CVE-2017-14267

EE 4GEE WiFi MBB devices (before EE60_00_05.00_31) are affected by a Cross‑Site Request Forgery (CSRF) vulnerability in admin actions exposed via goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. The issue enables un...

CVE-2017-14269

CVE-2017-14269 affects EE 4GEE WiFi MBB devices (before EE60_00_05.00_31). The vulnerability allows remote attackers to obtain sensitive data via a JSONP endpoint, demonstrated as passwords and SMS content exposure. The root cause is an insecure JSONP/endpoint handling that leaks confidential inf...