167 matches found
CVE-2022-4985
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985 Vodafone H500s WiFi Password Disclosure via activation.json
Vodafone H500s devices running firmware v3.5.10 hardware model Sercomm VFH500 expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
CVE-2022-4985
CVE-2022-4985 affects Vodafone H500s routers with firmware v3.5.10 (Sercomm VFH500). An unauthenticated HTTP GET to /data/activation.json with crafted headers/cookies discloses a JSON payload containing wifi_password, enabling remote attackers to obtain Wi‑Fi credentials and gain unauthorized net...
Vodafone H500s 安全漏洞
Vodafone H500s is a WiFi router from Vodafone UK. A security vulnerability exists in Vodafone H500s version v3.5.10 that originates from an unauthenticated HTTP endpoint exposing the WiFi password, which could lead to unauthorized access to the wireless network...
PT-2025-47023
Name of the Vulnerable Software and Affected Versions Vodafone H500s devices version 3.5.10 Description Vodafone H500s devices running firmware version 3.5.10 hardware model Sercomm VFH500 have an issue where the WiFi access point password is exposed through an unauthenticated HTTP endpoint. An...
EUVD-2014-6769
Malware in sbrugna...
EUVD-2014-5819
Malware in sbrugna...
vodafone.motion-tm.de Cross Site Scripting vulnerability OBB-3930533
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vodafone.motion-tm.de Cross Site Scripting vulnerability OBB-3930078
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-1623
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not...
CVE-2024-1623
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not...
CVE-2024-1623
The CVE-2024-1623 entry concerns the Sagemcom FAST3686 V2 Vodafone router. Affected component: the router’s web admin login flow, specifically Login.asp and logout.asp, with an insufficient session timeout that fails to manage session details correctly. Impact described as allowing a local attack...
CVE-2024-1623 Insufficient session timeout vulnerability in Sagemcom router
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not...
PT-2024-18174 · Sagemcom · Sagemcom Fast3686 V2
Name of the Vulnerable Software and Affected Versions: Sagemcom FAST3686 V2 Vodafone router affected versions not specified Description: The issue is related to an insufficient session timeout in the Sagemcom FAST3686 V2 Vodafone router. This could allow a local attacker to access the...
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent ...
onenet.vodafone.com Open Redirect vulnerability OBB-3774255
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
xadedev-ext.vodafone.com Open Redirect vulnerability OBB-3494070
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
xdber.caas.vodafone.com Open Redirect vulnerability OBB-3494069
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vfde-citrix-ext.vodafone.com Open Redirect vulnerability OBB-3494060
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...