13 matches found
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
CVE-2017-20204
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
CVE-2017-20204 DBLTek GoIP Telnet Admin Interface Undocumented Backdoor
DBLTek GoIP devices models GoIP 1, 4, 8, 16, and 32 contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the challenge response ca...
CVE-2017-20204
CVE-2017-20204 affects DBLTek GoIP voice gateway devices (GoIP 1, 4, 8, 16, 32). The Telnet admin interface contains an undocumented vendor backdoor that enables remote authentication as an undocumented user via a flawed challenge–response scheme. Because the challenge can be derived from itself,...
DASAN H665 Backdoor Account Vulnerability
DASAN H665 has a vendor backdoor built into BusyBox /bin/login that provides remote root access with no password. DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named "dnsekakf2$$" gives access to admin uid 0 account over telnet without any password, at least for...
DASAN H665 Backdoor Account
Hi! DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named "dnsekakf2$$" gives access to admin uid 0 account over telnet without any password, at least for administration interface documented in H665 Quick Guide subnet 192.168.55.0/24 on LAN interface. $ telnet 192.168.55.1...
Unspecified Vulnerability in ECOS Secure Boot Stick
The ECOS Secure Boot Stick a.k.a. SBS is a security device from ECOS TECHNOLOGY, Germany for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5 that stems from an undocumented vendor backdoor in the...
Unspecified Vulnerability in ECOS System Management Appliance
ECOS System Management Appliance a.k.a. SMA is a virtual appliance from ECOS TECHNOLOGY, Germany, for centralized management of ECOS products, which is capable of running on VMware, Crtrix XenServer, and Hyper-V. A security vulnerability exists in ECOS SMA version 5.2.68 that stems from an...
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory...
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory...
CVE-2017-7462
The CVE-2017-7462 entry corresponds to the Intellinet NFC-30ir IP Camera vulnerability where a vendor backdoor allows remote access to a vendor-supplied CGI script in the web directory. Connected sources (CNVD-2017-05506, NVD/CVE-2017-7462, and Exploit-DB entry 41829) corroborate a remote, unauth...
CVE-2017-7462
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory...
Undocumented Backdoor Account in DBLTek GoIP
Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in the authentication procedure. The Telnet...