Lucene search
K

104 matches found

Prion
Prion
added 2023/09/19 2:15 p.m.26 views

Hardcoded credentials

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...

5.8CVSS7.1AI score0.00503EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.5 views

Technicolor TG670 Trust Management Issue Vulnerability

The Technicolor TG670 is a switch from Technicolor. A security vulnerability exists in the Technicolor TG670 version 10.5.N.9, which stems from the device containing multiple accounts with hard-coded passwords. This allows an attacker to gain unrestricted access through the WAN interface...

7.2CVSS7AI score0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/19 12:0 a.m.17 views

CVE-2023-31808

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...

7.4AI score0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/19 12:0 a.m.19 views

CVE-2023-31808

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled...

7.2AI score0.00503EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/09/07 12:0 a.m.36 views

Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive da...

5.3CVSS6.1AI score0.00687EPSS
Exploits0References1
CERT
CERT
added 2023/07/11 12:0 a.m.27 views

Hard-coded credentials in Technicolor TG670 DSL gateway router

Overview The Technicolor TG670 DSL Gateway Router includes a hard-coded service account that allows for authentication over services on the WAN interface, using HTTP, SSH, or TELNET. The authenticated user can use it to gain full administrative control of the router. Description A hard-coded...

7.2CVSS7.5AI score0.00503EPSS
Exploits0References3
Metasploit
Metasploit
added 2023/06/09 7:50 p.m.268 views

Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution

This module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange IKE packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware versio...

9.8CVSS9.1AI score0.99284EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2023/05/31 2:11 p.m.61 views

Widespread Exploitation of Zyxel Network Devices

Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network...

7.5CVSS10.4AI score0.99284EPSS
Exploits8
CNVD
CNVD
added 2023/03/30 12:0 a.m.3 views

TOTOLINK A7100RU upBw Parameter Command Injection Vulnerability

The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the upBw parameter in /setting/setWanIeCfg failing to properly filter construct...

9.8CVSS7.9AI score0.02023EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:31 a.m.5 views

SUSE CVE-2014-1444

The fstgetiface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability for an SIOCWANDEV ioctl call...

1.7CVSS5.8AI score0.00338EPSS
Exploits1References15
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.4 views

Ubiquiti EdgeRouters 代码注入漏洞

Ubiquiti EdgeRouters is a series of edge routers from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouters version 2.0.9-hotfix.5 and earlier, UniFi Security Gateways USG version 4.4.56 and earlier, which stems from a vulnerability that allows a malicious actor to connect directl...

8.8CVSS8.7AI score0.0089EPSS
Exploits1References2
NVD
NVD
added 2022/12/09 8:15 p.m.33 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

10CVSS0.00902EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/12/09 12:0 a.m.34 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

9.4AI score0.00902EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2022/12/09 12:0 a.m.8 views

The vulnerability of the WAN interface of Netgear RAX30 microprogrammed software routers allows a hacker to gain access to running services and open ports.

The vulnerability of the WAN interface of Netgear RAX30 microprogrammed software routers is related to errors during access control for IPv6 traffic. Exploiting this vulnerability can allow a malicious actor to gain access to running services and open ports...

10CVSS7.7AI score0.00902EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2021/12/30 10:15 p.m.18 views

CVE-2021-20149

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...

9.8CVSS0.01432EPSS
Exploits0References1
OSV
OSV
added 2021/12/30 10:15 p.m.4 views

CVE-2021-20149

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...

9.8CVSS5.8AI score0.01432EPSS
Exploits0References1
Prion
Prion
added 2021/12/30 10:15 p.m.12 views

Default credentials

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...

7.5CVSS9.4AI score0.01432EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/30 9:31 p.m.15 views

CVE-2021-20149

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default...

9.7AI score0.01432EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/26 12:37 a.m.18 views

CVE-2021-45608

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface TCP port 20005 cannot be ruled out; however, exploitability was judged to be of "rather significant...

6.5CVSS9.9AI score0.02513EPSS
Exploits1References2
OpenWrt
OpenWrt
added 2021/02/02 12:0 a.m.89 views

Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links (CVE-2021-22161)

DESCRIPTION In case a link prefix route points to a point-to-point link it can trigger a routing loop if the destination IPv6 address belongs to the prefix and is not a local IPv6 address. If such a packet is received and not directed to a local IPv6 address it will be routed back to the...

6.5CVSS6.5AI score0.00524EPSS
Exploits0
Rows per page
Query Builder