5 matches found
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...
CVE-2020-24034
CVE-2020-24034 affects Sagemcom F@ST 5280 routers running firmware version 1.150.61. The issue is an insecure deserialization in the authenticated flow that lets a logged-in user alter a serialized session cookie (sess_id, nonce, ha1) to assume another user’s role, including an internal account w...
Sagemcom F@ST 5280 Privilege Escalation Vulnerability
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the...
Sagemcom F@ST 5280 Privilege Escalation
privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...