EUVD-2014-8193

Malware in sbrugna...

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

VulnCheck KEV: CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

VulnCheck KEV: CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

VulnCheck KEV: CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

ZHONE ZNID GPON Detection Consolidation

Consolidation of ZHONE ZNID GPON detections. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers

A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things IoT devices like video recorders and thermal cameras. The botnet, called darknexus based on a string it prints in its banner, uses processes similar to previous...

CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

Design/Logic Flaw

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...

CVE-2014-8356

The CVE-2014-8356 issue affects Zhone zNID GPON 2426A and related 24xx/42xx/26xx/28xx-series devices, with firmware older than S3.0.501. The vulnerability arises from an Insecure Direct Object Reference that allows remote authenticated users to bypass access controls by altering server responses ...

CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...

DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vulnerability

DASAN Zhone ZNID GPON 2426A EU is a wireless router from DASAN Korea. A cross-site scripting vulnerability exists in DASAN Zhone ZNID GPON 2426A EU S3.1.285 and earlier versions. The vulnerability stems from the lack of proper validation of client data by the WEB application. An attacker can...

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

Cross site scripting

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

CVE-2019-10677

CVE-2019-10677 affects DASAN Zhone ZNID GPON 2426A EU (S3.1.285 and earlier). The flaw is a lack of proper validation/sanitization in the web interface, enabling Cross-Site Scripting via unsanitized GET parameters: /zhndnsdisplay.cmd (name) and /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). Docum...

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Vulnerabilities

Exploit for hardware platform in category web applications Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Titl...

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit...