EUVD-2019-4673

Malware in sbrugna...

📄 Hecate PC Remote Control 1.6.1.0 Remote Code Execution

Hecate PC Remote Control version 1.6.1.0 listens on UDP port 48436 and accepts unauthenticated JSON commands for keyboard and mouse input. This lack of authentication allows a remote attacker to simulate user interaction, open system dialogs, and execute arbitrary commands. Exploit Title: Hecate ...

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

CVE-2019-13140

CVE-2019-13140 affects Inteno EG200 series (EG200-WU7P1U_ADAMO3.16.4-190226_1650 and older). A JUCI ACL misconfiguration allows the non‑privileged user to extract the 3DES key via ubus JSON commands, enabling decryption of the provisioning file provided by Adamo Telecom from a public HTTP URL. Im...

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

Inteno IOPSYS Gateway 3DES Key Extraction Improper Access

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...

Inteno IOPSYS Gateway - Improper Access Restrictions Vulnerability

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Exploit Author: Gerard Fuguet email protected Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937 Affected Component: SIP...

CVE-2017-11361

Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key...

CVE-2017-11361

Inteno routers are affected by CVE-2017-11361 due to a JUCI ACL misconfiguration. The issue allows the low-privilege "user" account to read and write files and to add a root SSH key by sending JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be the default "...

CVE-2017-11361

Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key...