Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack
A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. The flaw, tracked as CVE-2023-25717 (CVSS score: 9.8), stems from improper handling of HTTP requests, leading to unauthenticated remote...
Cisco StarOS Input Validation Error Vulnerability
Cisco StarOS is a virtualization operating system from the American company Cisco. Cisco StarOS suffers from an input validation error vulnerability that stems from insufficient validation of user-supplied credentials, which could be exploited by an attacker to allow logging into an affected...
Zyxel chained RCE using LFI and weak password derivation algorithm
This module exploits multiple vulnerabilities in the zhttpd binary (/bin/zhttpd) and zcmd binary (/bin/zcmd). It is present on more than 40 Zyxel routers and CPE devices. The remote code execution vulnerability can be exploited by chaining the local file disclosure vulnerability in the zhttpd binary...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
Project Name CVE-2021-22555 attack script Description Th...
Unspecified Vulnerability in Siemens SCALANCE LPE9403
Siemens SCALANCE LPE9403 is the local processing driver. A security vulnerability exists in the Siemens SCALANCE LPE9403, which can be exploited by an attacker to gain access to the SSH interface on an affected device, thereby interfering with the integrity of the mutex object and the data it...
Siemens SCALANCE LPE9403 Path Traversal Vulnerability
Siemens SCALANCE LPE9403 is the local processing driver. A path traversal vulnerability exists in the Siemens SCALANCE LPE9403, which can be exploited by an attacker to gain access to the SSH interface on an affected device to read the contents of any file named address...
Zyxel Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'socket' require 'digest/md5' class MetasploitModule 'Zyxel chained RCE using LFI and weak password derivation algorithm', 'Description' = %q This module exploit...
CVE-2023-20046
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this...
Input validation
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this...
CVE-2023-27409
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file...
CVE-2023-27408
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interfac...
Path traversal
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the deviceinfo binary via the mac parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file...
Design/Logic Flaw
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The i2c mutex file is created with the permissions bits of -rw-rw-rw-. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interfac...
CVE-2023-20046
Cisco StarOS Software contains a vulnerability in the key-based SSH authentication feature that could let an authenticated, low-privilege SSH key grant an attacker login as a high-privileged user. The issue stems from insufficient validation of user-supplied credentials, enabling privilege escala...
CVE-2023-27409
The CVE-2023-27409 entry affects Siemens SCALANCE LPE9403 (versions