22 matches found
EUVD-2020-23413
Malware in sbrugna...
CVE-2020-35758
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
CVE-2020-35758
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
CVE-2020-35755
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice Read NVRAM Direct Access Information Leak. The luciservice deamon running on port 7777 provides a sub-category of commands for which Read is prepended. Commands in this category are able to directly read the...
CVE-2020-35756
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
CVE-2020-35757
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...
CVE-2020-35755
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice Read NVRAM Direct Access Information Leak. The luciservice deamon running on port 7777 provides a sub-category of commands for which Read is prepended. Commands in this category are able to directly read the...
CVE-2020-35757
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...
Design/Logic Flaw
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice Read NVRAM Direct Access Information Leak. The luciservice deamon running on port 7777 provides a sub-category of commands for which Read is prepended. Commands in this category are able to directly read the...
Authentication flaw
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
Design/Logic Flaw
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
CVE-2020-35758
The CVE-2020-35758 entry concerns Libre Wireless LS9 LS1.5/p7040 devices with a web interface authentication bypass. The issue allows unauthenticated access to privileged APIs because access restrictions on internal functionality are not properly enforced, despite a login page appearing. Document...
CVE-2020-35758
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access...
CVE-2020-35757
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...
CVE-2020-35757
CVE-2020-35757 affects Libre Wireless LS9 LS1.5/p7040 devices. The issue is unauthenticated root ADB access over TCP via the LS9 web interface: the web management endpoint can be enabled by a crafted request, and requests to this endpoint do not require authentication, allowing any unauthenticate...
CVE-2020-35756
Summary: CVE-2020-35756 affects Libre Wireless LS9 LS1.5/p7040 devices. The luci_service daemon on port 7777 accepts a GETPASS command without authentication and returns the device configuration password in cleartext, enabling unauthenticated access to leak the user’s configuration password. Affe...
CVE-2020-35756
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luciservice GETPASS Configuration Password Information Leak. The luciservice daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS...
CVE-2020-35755
CVE-2020-35755 affects Libre Wireless LS9 LS1.5/p7040 devices. The issue is a direct information leak via the luci_service daemon on port 7777, where a Read_ command category enables reading the device configuration NVRAM. This allows access to sensitive data stored in NVRAM, including the Wi‑Fi ...
Libre Wireless 访问控制错误漏洞
The Libre Wireless LS9 is a networking device from Libre Wireless USA. A security vulnerability exists in the Libre Wireless LS9 LS1.5/p7040 devices that stems from having Unauthenticated Root ADB Access Over TCP.The web interface of the LS9 provides access to ADB over TCP...
Libre Wireless LS9 访问控制错误漏洞
Libre Wireless LS9 is a network device from Libre Wireless, Inc. Libre Wireless LS9 LS1.5/p7040 devices. an access control error vulnerability exists that stems from the luci service daemon running on port 7777 providing a subclass of commands with the Read prefix. Such commands can directly read...