Drobo 5N2 4.1.1 - Remote Command Injection

Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...

Drobo 5N2 4.1.1 - Remote Command Injection

Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...

CVE-2019-9484

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password which is 1234, or reconfiguring "party mode" or "vacation mode."...

CVE-2019-9484

The CVE-2019-9484 entry concerns Glen Dimplex Deutschland GmbH’s implementation of the Carel pCOWeb configuration tool. The vulnerability allows remote attackers to gain access through an HTTP session on port 10000, enabling reading of the modem password and reconfiguration of “party mode” or “va...

CVE-2019-9484

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password which is 1234, or reconfiguring "party mode" or "vacation mode."...