12 matches found
EUVD-2015-5935
Malware in sbrugna...
EUVD-2015-5934
Malware in sbrugna...
EUVD-2015-5936
Malware in sbrugna...
CVE-2015-5992
Cross-site scripting XSS vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
CVE-2015-5991
Cross-site request forgery CSRF vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perfo...
Buffer overflow
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
CVE-2015-5991
Cross-site request forgery CSRF vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perfo...
CVE-2015-5993
The CVE-2015-5993 entry refers to a buffer overflow in the form2ping.cgi page of PLDT SpeedSurf 504AN devices (firmware GAN9.8U26-4-TX-R6B018-PH.EN) and Kasda KW58293 devices. A crafted, long ipaddr parameter can be sent via a POST request to trigger a denial of service (device outage). The conne...
CVE-2015-5992
The CVE-2015-5992 entry concerns Cross-Site Scripting (XSS) in the form2WlanSetup.cgi page of PLDT SpeedSurf 504AN (firmware GAN9.8U26-4-TX-R6B018-PH.EN) and Kasda KW58293 devices. The vulnerability arises from insufficient filtering of the ssid parameter, enabling a remote attacker to inject arb...
CVE-2015-5991
The CVE-2015-5991 CSRF vulnerability affects PLDT SpeedSurf 504AN (firmware GAN9.8U26-4-TX-R6B018-PH.EN) and Kasda KW58293 devices, via the form2WlanSetup.cgi page. The underlying issue is improper/authentication bypass for administrative actions, enabling a remote attacker to hijack an administr...
Phillipine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 Cross-Site Request Forgery Vulnerability
The Phillipine Long Distance Telephone PLDT SpeedSurf 504AN and the Kasda KW58293 are modem and router all-in-one units. The PLDT SpeedSurf 504AN and Kasda KW58293 form2WlanSetup.cgi page fails to perform authentication correctly, allowing a remote attacker to construct a malicious URI, which...
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Overview The Phillipine Long Distance Telephone PLDT company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. Description PLDT provides SpeedSurf 504AN,...