26 matches found
Authentication flaw
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...
CVE-2017-6558
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...
COMTREND CT-5361T Router - 'Password.cgi' Cross-Site Request Forgery (Admin Password Manipulation)
source: https://www.securityfocus.com/bid/67033/info Comtrend CT-5361T ADSL Router is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user...
ASMAX AR 1004g Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ASMAX AR 1004g Authentication Bypass Date: 30.01.2013 Exploit Author: lucyoa Vendor Homepage: asmax.pl ASMAX AR 1004g is the most popular router device from asmax. ------------------- Device Info --------------------------...
CVE-2012-5320
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter...
CVE-2012-5320
CVE-2012-5320: CSRF vulnerability in Sagem F@ST 2604 253180972B, in password.cgi, allows remote attackers to hijack administrator authentication and change the password via the sysPassword parameter. Affected component: password.cgi on Sagem F@ST 2604 series. Root cause: CSRF enabling password c...