17 matches found
EUVD-2016-3415
Malware in sbrugna...
EUVD-2016-3416
Malware in sbrugna...
EUVD-2016-3417
Malware in sbrugna...
Systech SysLINK M2M Modular Gateway Privilege Acquisition Vulnerability (CNVD-2016-02708)
The Systech SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway is a router product from Systech, Inc. that provides DHCP, NAT, VPN, and firewall features. A security vulnerability exists in the Systech SysLINK SL-1000 M2M Modular Gateway that can be exploited by a remote attacker to gain root...
CVE-2016-2333
SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...
CVE-2016-2332
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 aka dnsmasq parameter...
CVE-2016-2331
The web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...
Hardcoded credentials
SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...
Default credentials
The web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...
Code injection
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 aka dnsmasq parameter...
CVE-2016-2331
The web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...
CVE-2016-2331
The CVE-2016-2331 issue affects Systech SysLINK SL-1000 M2M Modular Gateway devices with firmware prior to 01A.8. Multiple sources describe a privilege-acquisition vulnerability in the web interface due to a hard-coded/default password, enabling a remote attacker to obtain root access. CERT/CC no...
CVE-2016-2332
Affected product: SysLINK SL-1000 M2M Modular Gateway. Vulnerability: Command injection via the web interface (flu.cgi) where the 5066 parameter (dnsmasq) can be exploited by an authenticated user to execute arbitrary commands with root privileges. Root cause: Web interface processes crafted POST...
CVE-2016-2332
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 aka dnsmasq parameter...
CVE-2016-2333
SysLINK SL-1000 Machine-to-Machine M2M Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another...
CVE-2016-2333
The CVE-2016-2333 issue affects the SysLINK SL-1000 M2M Modular Gateway family, with firmware prior to 01A.8, where a single hard-coded cryptographic key is reused across different installations. This flaw can allow an attacker with knowledge of the key to defeat cryptographic protections, potent...
SysLINK M2M Modular Gateway contains multiple vulnerabilities
Overview The SysLINK SL-1000 M2M Machine-to-Machine Modular Gateway contains multiple vulnerabilities. Description According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:CWE-259: Use of Hard-coded Password - CVE-2016-2331 By default, the device's we...