64 matches found
CVE-2014-1982
The CVE-2014-1982 issue affects Allied Telesis AT-RG634A ADSL Broadband router (3.3+), plus related firmware (iMG624A 3.5, iMG616LH 2.4, iMG646BD 3.5). The root cause is OS command injection via a direct request to cli.html, enabling remote attackers to gain privileges and execute arbitrary comma...
CVE-2014-1982
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html...
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell
Exploit for hardware platform in category web applications Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...
Allied Telesis AT-RG634A Unauthenticated Webshell
Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...
DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up
A few weeks ago, we have announced remote preauth root access exploit for Cisco Linksys http://www.youtube.com/watch?v=cv-MbL7KFKE. Vulnerability details were disclosed here: http://www.defensecode.com/public/DefenseCodeBroadcomSecurityAdvisory.pdf During further research, we have discovered that...
Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access
Exploit for hardware platform in category remote exploits Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access Device: "The AT-MCF2000M is the management module for the AT-MCF2000 two-slot chassis. With the AT-MCF2000M management module, if there is a blade failure, insertion or removal, yo...
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2013-01-02 Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access Device: "The AT-MCF2000M is the management module for the...
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution
Allied Telesis AT-MCF2000M 3.0.2 - Remote Command Execution :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2013-01-02 Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Acces...
Allied Telesis AT-MCF2000M 3.0.2 Local Root
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2013-01-02 Allied Telesis AT-MCF2000M 3.0.2 Gaining Root Shell Access Device: "The AT-MCF2000M is the management module for the...
ManageEngine Device Expert 5.6 Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage:...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
Vendor's List Of Backdoor Accounts Leaked Online
An internal document listing the backdoor accounts for switches manufactured by networking equipment vendor Allied Telesis was circulating online Friday, a day after an internal support page providing instructions on accessing hard coded back door accounts in the company’s products was found to b...
Hardware Vendor Offers Backdoor with Every Product
IT administrators know there’s nothing more frustrating than losing administrative access to your network equipment. But Allied Telesis, a Japan-based maker of switches, routers and other networking devices, has a fix: guaranteed backdoors for every product. That revelation comes after a support...
CVE-2006-6717
The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations...
CVE-2006-6718
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions...
CVE-2006-6717
The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations...
CVE-2006-6718
The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions...