175 matches found
CVE-2019-9974
diagtool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack...
Authorization
diagtool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack...
CVE-2019-9974
diagtool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack...
CVE-2019-9974
CVE-2019-9974 affects DASAN H660RM GPON routers running firmware 1.03-0022. diag_tool.cgi lacks any authorization, enabling remote attackers to spawn ping processes via a GET request to enumerate LAN hosts or cause DoS by memory exhaustion. The lack of auth in diag_get_result.cgi also allows retr...
The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack
DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently...
Cisco RV320 Command Injection Vulnerability
Command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor. Cisco RV320 Command Injection Vulnerability Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 through...
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and later Fixed Versions: since 1.4.2.20...
Linux: Broadcast ICMP echo requests
Broadcast ICMP echo requests are used by the ping command to find all hosts on the network or subnet. An attacker can use Broadcast ICMP echo requests for a DoS/DDoS attack on the network. This script tests whether the Linux host is configured to ignore Broadcast ICMP echo requests...
SDWAN is getting crashed whenever PING command is executed from SDWAN GUI.
The SDWAN device is getting crashed whenever ping command is executed from SDWAN GUI and generates a core dump hariharana@sjanalysis-1 /upload/ftp/78474183/MCNSTSwithCoredump2ndNov201813.50PM/vwstsdir/coredump2018-11-02.13.42.22$ Thread 44 Thread 0x7ffb65fd3700 LWP 27556: 0 0x00007ffff58a4e5d in...
Polycom Command Shell Authorization Bypass
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...
D-Link DIR-816 Command Injection Vulnerability
D-Link DIR-816 A2 is a wireless router product from AUO D-Link. A command injection vulnerability exists in the D-Link DIR-816 A2 version 1.10 B05, which can be exploited by an attacker who builds the 'ping -c %s ...' command with the 'sendNum' parameter value. The vulnerability stems from the...
Crestron Multiple Products CTP Console PING Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PING command of the CTP console. The issue results from the lack...
Remote Code Execution (RCE)
mcollective-client is vulnerable to remote code execution. This is due to the use of eval to evaluate comparison expressions in discovery filters, which allows an attacker to execute arbitrary code via the mco ping command...
Polycom HDX Series RCE
When doing external assessments you spend a decent amount of time footprinting your target and finding possible avenues of attack. Given a large corporate, you are pretty likely to hit video conferencing end-points. This post details a vulnerability in one of these video conferencing systems, the...
[SECURITY] Fedora 25 Update: perl-Net-Ping-External-0.15-11.fc25
Net::Ping::External is a module which interfaces with the "ping" command on many systems. It presently provides a single function, ping, that takes in a hostname and optionally a timeout and returns true if the host is alive, and false otherwise. Unless you have the ability and willingness to run...
[SECURITY] Fedora 26 Update: perl-Net-Ping-External-0.15-11.fc26
Net::Ping::External is a module which interfaces with the "ping" command on many systems. It presently provides a single function, ping, that takes in a hostname and optionally a timeout and returns true if the host is alive, and false otherwise. Unless you have the ability and willingness to run...
[SECURITY] Fedora 27 Update: perl-Net-Ping-External-0.15-11.fc27
Net::Ping::External is a module which interfaces with the "ping" command on many systems. It presently provides a single function, ping, that takes in a hostname and optionally a timeout and returns true if the host is alive, and false otherwise. Unless you have the ability and willingness to run...
The vulnerability of D-Link and TRENDnet’s microprogrammed router services allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.
The vulnerability of D-Link and TRENDnet’s microprogrammed router software services is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...
The vulnerability of D-Link and TRENDnet’s microprogrammed router services allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.
The vulnerability of D-Link and TRENDnet’s microprogrammed router software services is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...
The vulnerability of D-Link and TRENDnet’s microprogrammed router services allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.
The vulnerability of D-Link and TRENDnet’s microprogrammed router software services is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...