98 matches found
CVE-2020-29138
Technical details such as affected firmware versions, root-cause specifics, and exploitation information are not publicly provided in the supplied documents. Monitor for updates from vendors and official advisories.
CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp...
CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp...
Design/Logic Flaw
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp...
CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp...
CVE-2020-21733
CVE-2020-21733 affects Sagemcom F@ST3686 v1.0 HUN 3.97.0 with XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, and RgVpnL2tpPptp.asp. The exact root cause, vulnerable input handling, and impact scope are not elaborated beyond XSS; no remediation details are provided in the connected docum...
PT-2020-15386
Name of the Vulnerable Software and Affected Versions Sagemcom F@ST3686 version 1.0 HUN 3.97.0 Description The issue is related to a security problem where an attacker can inject malicious code. The estimated number of potentially affected devices worldwide is not available. Technical details abo...
Sagemcom F@ST 5280 routers elevation of privilege vulnerability
Sagemcom F@ST 5280 routers is a router product. A deserialization vulnerability exists in firmware version 1.150.61 in the Sagemcom F@ST 5280 routers, which originates when any authenticated user performs an elevation of privilege on any other user. An attacker could exploit the vulnerability to...
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...
Deserialization of untrusted data
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the serialized session cookie, an attacker may...
CVE-2020-24034
CVE-2020-24034 affects Sagemcom F@ST 5280 routers running firmware version 1.150.61. The issue is an insecure deserialization in the authenticated flow that lets a logged-in user alter a serialized session cookie (sess_id, nonce, ha1) to assume another user’s role, including an internal account w...
Sagemcom F@ST 5280 Privilege Escalation Vulnerability
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the...
Sagemcom F@ST 5280 Privilege Escalation
privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...
Sagemcom [email protected] 3890 (50_10_19-T1) Cable Modem - Cable Haunt Remote Code Execution Exploit
// EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47936.zip function buf2hexbuffer // buffer is an ArrayBuffer return Array.prototype.map.callnew Uint8Arraybuffer, x = '00' + x.toString16.slice-2.join''; function insertAtarr, index, toInsert...
Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - Cable Haunt Remote Code Execution
Sagemcom F@ST 3890 501019-T1 Cable Modem - Cable Haunt Remote Code Execution // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47936.zip function buf2hexbuffer // buffer is an ArrayBuffer return Array.prototype.map.callnew Uint8Arraybuffer, x...
Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution
// EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47936.zip function buf2hexbuffer // buffer is an ArrayBuffer return Array.prototype.map.callnew Uint8Arraybuffer, x = '00' + x.toString16.slice-2.join''; function insertAtarr, index, toInsert...
Multiple vendor based Broadcom cable modems buffer overflow vulnerability
Sagemcom F@st 5260, Sagemcom F@st 3890 etc. is a router.Technicolor TC7230 STEB is a wireless router. A buffer overflow vulnerability exists in Broadcom cable modems based on multiple vendors. A remote attacker could execute arbitrary code in the kernel via JavaScript running in the victim's...
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21T4, Sagemcom F@...