EUVD-2018-12937

Malware in sbrugna...

Technicolor DPC3928SL Cross Site Scripting Vulnerability

The Technicolor DPC3928SL is a cable modem from the French Technicolor group. A cross-site scripting vulnerability exists in the Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a version. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the...

CVE-2018-20379

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...

CVE-2018-20379

CVE-2018-20379 affects Technicolor DPC3928SL devices (model D3928SL-PSIP-13-A010-c3420r55105-160428a). The vulnerability is a cross-site scripting (XSS) flaw exposed through a cross protocol injection path involving the setSSID field identified by the OID 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.100...

CVE-2018-13114

Missing authentication and improper input validation in KERUI Wifi Endoscope Camera YPC99 allow an attacker to execute arbitrary commands with a length limit of 19 characters via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command...

Input validation

Missing authentication and improper input validation in KERUI Wifi Endoscope Camera YPC99 allow an attacker to execute arbitrary commands with a length limit of 19 characters via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command...

CVE-2018-13115

Lack of an authentication mechanism in KERUI Wifi Endoscope Camera YPC99 allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user...