CVE-2024-53937

An issue was discovered on Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions...

Design/Logic Flaw

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

CVE-2019-9727

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

CacheGuard-OS 5.7.7 - Cross-Site Request Forgery

CacheGuard-OS 5.7.7 - Cross-Site Request Forgery I. VULNERABILITY ------------------------- CSRF vulnerabilities in CacheGuard-OS v5.7.7 II. BACKGROUND ------------------------- CacheGuard is an All-in-One Web Security Gateway providing firewall, web antivirus, caching, compression, URL filtering...

Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)

No description provided by source. !/bin/bash Addonics NAS Adapter bts.cgi Post-Auth DoS Tested against NASU2FW41 Loader 1.17 Coded by Mike Cyr, aka h00die mcyr2 at csc dotcom Notes: Any of these BoF crashes the entire stack from the web GUI so throw a GET, and bye bye baby! Greetz to muts and...