63 matches found
Motorola MX011ANM File Upload Vulnerability
The Motorola MX011ANM is an Internet set-top box device from Motorola, U.S.A. The Xfinity XR11-20 Voice Remote is a voice remote control device.Comcast is a set of firmware developed by Comcast, U.S.A., that runs in devices such as gateways and modems. . A security vulnerability in the Comcast...
Cisco DPC3939 Firmware Unauthorized Operation Vulnerability
Cisco DPC3939 is a wireless voice gateway product from Cisco USA. A security vulnerability exists in the Cisco DPC3939 firmware. Allows a remote attacker to discover the CM MAC address through an xfinitywifi hotspot connected to the device...
Design/Logic Flaw
Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address...
CVE-2017-9498
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for...
CVE-2017-9498
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for...
CVE-2017-9475
CVE-2017-9475 affects Comcast XFINITY WiFi Home Hotspot devices. It describes a remote‑level vulnerability where an attacker can spoof the identities of Comcast customers by forging MAC addresses. The available description does not specify the exact component, firmware version, or root cause beyo...
CVE-2017-9498
The CVE-2017-9498 entry affects Comcast firmware on Motorola MX011ANM and Xfinity XR11-20 Voice Remote, where there is no digital-signature protection for firmware updates. This allows a local attacker with root access to upload arbitrary firmware images to the XR11, as described in the vulnerabi...
CVE-2017-9498
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for...
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary In October of 2016, former Rapid7 researcher Phil Bosco discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems...
Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: CSRF XFINITY Gateway product Technicolorpreviously Cisco DPC3941T Date: 09/08/2016 Exploit Author: Ayushman Dutta Version: dpc3941-P20-18-v303r20421733-160413a-CMCST CVE : CVE-2016-7454 The Device DPC3941T is vulnerable to...
XFINITY Gateway Technicolor DPC3941T Cross Site Request Forgery Vulnerability
XFINITY Gateway Technicolor DPC3941T wifi password changing cross site request forgery proof of concept code. Exploit Title: CSRF XFINITY Gateway product Technicolorpreviously Cisco DPC3941T Exploit Author: Ayushman Dutta Version: dpc3941-P20-18-v303r20421733-160413a-CMCST CVE : CVE-2016-7454 The...
XFINITY Gateway Technicolor DPC3941T Cross Site Request Forgery
Exploit Title: CSRF XFINITY Gateway product Technicolorpreviously Cisco DPC3941T Date: 12/12/2016 Exploit Author: Ayushman Dutta Version: dpc3941-P20-18-v303r20421733-160413a-CMCST CVE : CVE-2016-7454 The Device DPC3941T is vulnerable to CSRF and has no security on the entire admin panel for it...
Xfinity Gateway Remote Code Execution Vulnerability
Xfinity Gateway is a gateway product from Xfinity. A remote code execution vulnerability exists in the destinationaddress parameter of the networkdiagnostictools.php page of the Xfinity Gateway system, which can be exploited by an attacker to execute arbitrary code in the context of an affected...
Xfinity Gateway - Remote Code Execution Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Xfinity Gateway: Remote Code Execution Date: 12/2/2016 Exploit Author: Gregory Smiley Contact: email protected Vendor Homepage: http://xfinity.com Platform: php The page located at /networkdiagnostictools.php has a feature...
Xfinity Gateway Remote Code Execution
Exploit Title: Xfinity Gateway: Remote Code Execution Date: 12/2/2016 Exploit Author: Gregory Smiley Contact: [email protected] Vendor Homepage: http://xfinity.com Platform: php The page located at /networkdiagnostictools.php has a feature called test connectivity, which is carried out through ...
Xfinity Gateway - Remote Code Execution
Exploit Title: Xfinity Gateway: Remote Code Execution Date: 12/2/2016 Exploit Author: Gregory Smiley Contact: [email protected] Vendor Homepage: http://xfinity.com Platform: php The page located at /networkdiagnostictools.php has a feature called test connectivity, which is carried out through ...
Xfinity Gateway - Remote Code Execution
Xfinity Gateway - Remote Code Execution Exploit Title: Xfinity Gateway: Remote Code Execution Date: 12/2/2016 Exploit Author: Gregory Smiley Contact: [email protected] Vendor Homepage: http://xfinity.com Platform: php The page located at /networkdiagnostictools.php has a feature called test...
Xfinity Gateway Cross Site Request Forgery
EXPLOIT TITLE: CSRF RCE XFINITY WEB GATEWAY AUTHOR: Pabstersac DATE: 1ST OF AUGUST 2016 CVE: N/A CATEGORY: REMOTE CONTACT: [email protected] IF ANYONE HAS COMMUNICATION WITH VENDOR PLEASE NOTIFY THEM SINCE THEY HAVE IGNORED ME. CSRF FOR COMCAST XFINITY WEB GATEWAY. LEADS TO RCE AND ACCESS TO T...
Xfinity Gateway - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications EXPLOIT TITLE: CSRF RCE XFINITY WEB GATEWAY AUTHOR: Pabstersac DATE: 1ST OF AUGUST 2016 CVE: N/A CATEGORY: REMOTE CONTACT: email protected IF ANYONE HAS COMMUNICATION WITH VENDOR PLEASE NOTIFY THEM SINCE THEY HAVE IGNORED ME. CSRF FOR...
Xfinity Gateway - Cross-Site Request Forgery
EXPLOIT TITLE: CSRF RCE XFINITY WEB GATEWAY AUTHOR: Pabstersac DATE: 1ST OF AUGUST 2016 CVE: N/A CATEGORY: REMOTE CONTACT: [email protected] IF ANYONE HAS COMMUNICATION WITH VENDOR PLEASE NOTIFY THEM SINCE THEY HAVE IGNORED ME. CSRF FOR COMCAST XFINITY WEB GATEWAY. LEADS TO RCE AND ACCESS TO T...