12 matches found
EUVD-2017-2990
Malware in sbrugna...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
Design/Logic Flaw
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-13140
CVE-2019-13140 affects Inteno EG200 series (EG200-WU7P1U_ADAMO3.16.4-190226_1650 and older). A JUCI ACL misconfiguration allows the non‑privileged user to extract the 3DES key via ubus JSON commands, enabling decryption of the provisioning file provided by Adamo Telecom from a public HTTP URL. Im...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
Inteno IOPSYS Gateway - Improper Access Restrictions
Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...
Inteno IOPSYS Gateway - Improper Access Restrictions
Inteno IOPSYS Gateway - Improper Access Restrictions Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650...
Design/Logic Flaw
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key...
CVE-2017-11361
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key...
CVE-2017-11361
Inteno routers are affected by CVE-2017-11361 due to a JUCI ACL misconfiguration. The issue allows the low-privilege "user" account to read and write files and to add a root SSH key by sending JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be the default "...
CVE-2017-11361
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key...