11 matches found
CVE-2026-38057
The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...
CVE-2026-38059
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function
The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...
CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery
The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...
EUVD-2024-51635
Malicious code in bioql PyPI...
CVE-2024-13502
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The commitmulticast pa...
CVE-2024-13502
CVE-2024-13502 affects Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM. The issue is an OS command injection caused by improper neutralization: the commit_multicast web interface page passes untrusted input to an eval in a bash script, enabling arbitrary shell commands (Local Code...
Newtec/iDirect NTC2218、Newtec/iDirect NTC2250和Newtec/iDirect NTC2299 操作系统命令注入漏洞
The Newtec/iDirect NTC2218 and others are a modem from Newtec/iDirect. An operating system command injection vulnerability exists in the Newtec/iDirect NTC2218, Newtec/iDirect NTC2250, and Newtec/iDirect NTC2299, which stems from an unsatisfactory neutralization of a special element that results ...
Newtec/iDirect NTC2218、Newtec/iDirect NTC2250和Newtec/iDirect NTC2299 安全漏洞
The Newtec/iDirect NTC2218 and others are a modem from Newtec/iDirect. A security vulnerability exists in the Newtec/iDirect NTC2218, Newtec/iDirect NTC2250, and Newtec/iDirect NTC2299, which stems from a buffer copy that does not check the size of the input, resulting in remote code inclusion...
PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2
Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...
VSAT Sailor 900 - Remote Exploit
VSAT Sailor 900 - Remote Exploit. Remote exploit for hardware platform / File : satcompwn.c - VSAT SAILOR SAT COM 900 Remote 0day Author : Nicholas Lemonias This is proprietary source code material of Advanced Information Security Corporation. Usage, distribution and modifications are pursuant to...