EUVD-2018-9615

Malware in sbrugna...

CVE-2018-17873

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account...

Improper access control

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account...

CVE-2018-17873

WiFiRanger devices (indoor: Core, GoAC; outdoor paired: Sky Pro, EliteAC, EliteAC FM) running firmware ≤7.0.8rc3 have an incorrect FTP access control. An adjacent-network attacker can read the SSH private key via FTP and log in as root. Public PoC references exist (e.g., 0day.today, PacketStorm)....

CVE-2018-17873

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account...

WiFiRanger 7.0.8rc3 Incorrect Access Control / Privilege Escalation Vulnerability

WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root. Exploit Title: WiFiRanger 7.0.8rc3 Incorrect Access Control - Privilege Escalation POC Exploit Author: Mitchel Jordan Vendor Homepage:...

WiFiRanger 7.0.8rc3 Incorrect Access Control / Privilege Escalation

Exploit Title: WiFiRanger 7.0.8rc3 Incorrect Access Control - Privilege Escalation POC Exploit Author: Mitchel Jordan Date: 2018-10-18 Vendor Homepage: https://wifiranger.com/ Firmware: Phantom 7.0.8rc3 CVE: CVE-2018-17873 Details: WiFiRanger indoor routers Core, GoAC and their outdoor paired...