32 matches found
EUVD-2017-18075
Malware in sbrugna...
EUVD-2015-0932
Malware in sbrugna...
CVE-2015-0936
Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
Default credentials
Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
CVE-2015-0936
Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
CVE-2015-0936
Ceragon FibeAir IP-10 devices are affected by CVE-2015-0936 due to a static SSH keypair for the mateidu user shipped with the device. The public/private key enables passwordless SSH authentication, allowing remote access to the device if the private key is known. Available connected documents cor...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
Default credentials
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
CVE-2017-9137
CVE-2017-9137 affects Ceragon FibeAir IP-10 wireless radios up to version 7.2.0, where the hidden mateidu account has a default password. The mateidu account can be accessed via both the web interface (read-only access) and SSH (Linux shell access), enabling an attacker to reach device settings o...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor Vulnerability
Exploit for hardware platform in category web applications + Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerabilit...
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor
Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerability Types: =================== Hidden User Backdoor...
CVE-2016-10309
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
Authentication flaw
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
CVE-2016-10309
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
CVE-2016-10309
CVE-2016-10309 affects Ceragon FibeAir IP-10 devices with firmware older than 7.2.0. A remote attacker can bypass GUI authentication by sending a browser cookie named ALBATROSS with value 0-4-11, enabling access without credentials. NVD CVSS: 3.0/9.8 (CRITICAL; NETWORK, LOW attack complexity, no ...
CVE-2016-10309
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
Ceragon FibeAir IP-10 - SSH Private Key Exposure Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'Ceragon FibeAir IP-10 SSH Private Key Exposure',...
Ceragon FibeAir IP-10 Authentication Bypass Vulnerability
The Ceragon FibeAir IP-10 is a wireless microwave transmission device from Ceragon Israel. An authentication bypass vulnerability exists in Ceragon FibeAir IP-10 versions prior to 7.2.0, which can be exploited by an attacker to bypass the authentication mechanism and perform unauthorized operatio...