58 matches found
VulnCheck KEV: CVE-2020-11963
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including...
CVE-2020-11968
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...
CVE-2020-11965
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step fo...
CVE-2020-11967
In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11963
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...
CVE-2020-11964
In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11966
In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25367)
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions, which stems from an empty password for the root account. The vulnerability can be exploited by an attacker to gain full remote access with the help of the...
Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25366)
Evenroute IQrouter is an intelligent router from Evenroute USA. A security vulnerability exists in the 'diagsetpassword' function in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to arbitrarily change the root account password...
Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25368)
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the 'resetpassword' function in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to arbitrarily change the password of the root account...
Evenroute IQrouter Log Message Disclosure Vulnerability
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the Web panel in Evenroute IQrouter 3.3.1 and earlier versions, which stems from incorrect access control. A remote attacker could exploit the vulnerability to read system logs...
Unspecified Vulnerability in Evenroute IQrouter
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions that stems from incorrect access control. An attacker can exploit the vulnerability to take control of the device reboot the network, upgrade, reset, etc...
Evenroute IQrouter Operating System Command Injection Vulnerability
Evenroute IQrouter is a smart router from Evenroute USA. A remote code execution vulnerability exists in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. An attacker can exploit this vulnerability to gain root privileges...
CVE-2020-11968
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...
CVE-2020-11967
In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11968
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step for settin...
CVE-2020-11967
In IQrouter through 3.3.1, remote attackers can control the device restart network, reboot, upgrade, reset because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11966
In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11964
In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...