6 matches found
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
Design/Logic Flaw
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-13140
CVE-2019-13140 affects Inteno EG200 series (EG200-WU7P1U_ADAMO3.16.4-190226_1650 and older). A JUCI ACL misconfiguration allows the non‑privileged user to extract the 3DES key via ubus JSON commands, enabling decryption of the provisioning file provided by Adamo Telecom from a public HTTP URL. Im...
Inteno IOPSYS Gateway - Improper Access Restrictions Vulnerability
Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Exploit Author: Gerard Fuguet email protected Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937 Affected Component: SIP...