21 matches found
EUVD-2023-34771
Malicious code in bioql PyPI...
CVE-2023-30350
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2023-30350
CVE-2023-30350 affects FS S3900-24T4S switches. The issue is inadequate access control that lets an authenticated user with guest privileges escalate to admin and reset the admin password. Evidence shows exploitation in practice (e.g., exploit/test material via Packet Storm and Exploit-DB) demons...
CVE-2023-30350
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password...
CVE-2023-30350
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password...
FS-S3900-24T4S Privilege Escalation
Exploit Title: FS-S3900-24T4S Privilege Escalation Date: 29/04/2023 Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printar...
FS-S3900-24T4S - Privilege Escalation
Exploit Title: FS-S3900-24T4S Privilege Escalation Date: 29/04/2023 Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printar...
FS-S3900-24T4S Security Vulnerability
The FS-S3900-24T4S is a switch from FS. A security vulnerability exists in the FS-S3900-24T4S that stems from the presence of privilege escalation...
FS-S3900-24T4S - Privilege Escalation Exploit
Exploit Title: FS-S3900-24T4S Privilege Escalation Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printargs if lenargs != ...
PT-2023-2944 · Fs · Fs S3900-24T4S
Name of the Vulnerable Software and Affected Versions: FS S3900-24T4S affected versions not specified Description: The issue is related to insufficient access control in the software of FS S3900-24T4S switches. It allows a remote attacker to escalate their privileges and reset the admin password...
fs.com S3900-24T4S Cross-Site Request Forgery Vulnerability
The fs.com S3900-24T4S is a Gigabit stackable switch from China's Feixiang Innovation fs. fs S3900-24T4S switch is equipped with 24 10/100/1000Base-T ports, 4 10G SFP+ uplink ports, supports up to 6 switches stacking, and is easy to operate with highly secure service processing capability, flexib...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
Authentication flaw
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2020-24033
The CVE-2020-24033 issue affects fs.com S3900-24T4S switches (version 1.7.0 and earlier). The root cause is a lack of authentication or token-based protection for form actions, enabling remote attackers to forge requests on behalf of a site administrator and alter all settings, including deleting...
Stack overflow
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI...
CVE-2012-6571
The CVE-2012-6571 issue affects Huawei devices (AR routers and S-series switches: S2000, S3000, S3500, S3900, S5100, S5600, S7800). The HTTP module in the BIMS/web management components uses predictable Session ID values, enabling remote attackers to hijack sessions via brute-force. This is docum...
CVE-2012-6569
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI...