32 matches found
EUVD-2015-0932
Malware in sbrugna...
EUVD-2017-18075
Malware in sbrugna...
Default credentials
Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
CVE-2015-0936
Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
CVE-2015-0936
Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...
CVE-2015-0936
Ceragon FibeAir IP-10 devices are affected by CVE-2015-0936 due to a static SSH keypair for the mateidu user shipped with the device. The public/private key enables passwordless SSH authentication, allowing remote access to the device if the private key is known. Available connected documents cor...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
Default credentials
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
CVE-2017-9137
CVE-2017-9137 affects Ceragon FibeAir IP-10 wireless radios up to version 7.2.0, where the hidden mateidu account has a default password. The mateidu account can be accessed via both the web interface (read-only access) and SSH (Linux shell access), enabling an attacker to reach device settings o...
CVE-2017-9137
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor Vulnerability
Exploit for hardware platform in category web applications + Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerabilit...
Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor
Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerability Types: =================== Hidden User Backdoor...
Authentication flaw
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
CVE-2016-10309
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
CVE-2016-10309
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
CVE-2016-10309
CVE-2016-10309 affects Ceragon FibeAir IP-10 devices with firmware older than 7.2.0. A remote attacker can bypass GUI authentication by sending a browser cookie named ALBATROSS with value 0-4-11, enabling access without credentials. NVD CVSS: 3.0/9.8 (CRITICAL; NETWORK, LOW attack complexity, no ...
CVE-2016-10309
In the GUI of Ceragon FibeAir IP-10 before 7.2.0 devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser...
Ceragon FibeAir IP-10 - SSH Private Key Exposure Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'Ceragon FibeAir IP-10 SSH Private Key Exposure',...
Ceragon FibeAir IP-10 Authentication Bypass Vulnerability
The Ceragon FibeAir IP-10 is a wireless microwave transmission device from Ceragon Israel. An authentication bypass vulnerability exists in Ceragon FibeAir IP-10 versions prior to 7.2.0, which can be exploited by an attacker to bypass the authentication mechanism and perform unauthorized operatio...