104 matches found
Hardcoded credentials
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...
Technicolor TG670 Trust Management Issue Vulnerability
The Technicolor TG670 is a switch from Technicolor. A security vulnerability exists in the Technicolor TG670 version 10.5.N.9, which stems from the device containing multiple accounts with hard-coded passwords. This allows an attacker to gain unrestricted access through the WAN interface...
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...
CVE-2023-31808
Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...
Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive da...
Hard-coded credentials in Technicolor TG670 DSL gateway router
Overview The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. Description A hard-coded...
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
This module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange IKE packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware versio...
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network...
TOTOLINK A7100RU upBw Parameter Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the upBw parameter in /setting/setWanIeCfg failing to properly filter construct...
SUSE CVE-2014-1444
The fstgetiface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability for an SIOCWANDEV ioctl call...
Ubiquiti EdgeRouters 代码注入漏洞
Ubiquiti EdgeRouters is a series of edge routers from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouters version 2.0.9-hotfix.5 and earlier, UniFi Security Gateways USG version 4.4.56 and earlier, which stems from a vulnerability that allows a malicious actor to connect directl...
CVE-2022-4390
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...
CVE-2022-4390
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...
The vulnerability of the WAN interface of Netgear RAX30 microprogrammed software routers allows a hacker to gain access to running services and open ports.
The vulnerability of the WAN interface of Netgear RAX30 microprogrammed software routers is related to errors during access control for IPv6 traffic. Exploiting this vulnerability can allow a malicious actor to gain access to running services and open ports...
CVE-2021-20149
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...
CVE-2021-20149
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...
Default credentials
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...
CVE-2021-20149
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...
CVE-2021-45608
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface TCP port 20005 cannot be ruled out; however, exploitability was judged to be of "rather significant...
Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links (CVE-2021-22161)
DESCRIPTION In case a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix and is not a local IPv6 address. If such a packet is received and not directed to a local IPv6 address it will be routed back to the...