Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2021/04/23 12:0 a.m.148 views

Sipwise C5 NGCP CSC CSRF Click2Dial Exploit

Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...

8.8CVSS7.3AI score0.00926EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/04/23 12:0 a.m.127 views

Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities

Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...

5.4CVSS6.2AI score0.01123EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/04/01 12:0 a.m.128 views

ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit

Summary EONU-x GEPON ONU layer-3 home gateway/CPE broadband router. Description The application suffers from a privilege escalation vulnerability. The limited administrative user admin:admin can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the...

8.7CVSS5.8AI score0.00247EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.235 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.109 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot (DoS)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.143 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Config Download

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.89 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory Reset

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.68 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

7.5CVSS5.7AI score0.00378EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.144 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.84 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.249 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control (IDOR)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.153 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution (Backdoors)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.153 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.89 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.128 views

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The controller suffers from a cleartext transmission of sensitive information. Th...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.103 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.124 views

SOYAL Biometric Access Control System 5.0 CSRF Change Admin Password

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The application interface allows users to perform certain actions via HTTP reques...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.150 views

SOYAL 701Server 9.0.1 Insecure Permissions

Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...

8.8CVSS7.2AI score0.01866EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.142 views

SOYAL 701Client 9.0.1 Insecure Permissions

Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...

8.8CVSS7.3AI score0.01866EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.364 views

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The web control panel uses weak set of default administrative credentials no...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/10 12:0 a.m.144 views

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

Summary The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. Includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to...

8.7CVSS5.7AI score0.00266EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/02/07 12:0 a.m.308 views

SmartFoxServer 2X 2.17.0 God Mode Console WebSocket XSS

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

5.4CVSS6.3AI score0.01347EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/02/07 12:0 a.m.130 views

SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

8.8CVSS7.6AI score0.02609EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/02/07 12:0 a.m.131 views

SmartFoxServer 2X 2.17.0 Credentials Disclosure

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

5.5CVSS6AI score0.00369EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/01/26 12:0 a.m.56 views

STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The NVR software ProVision suffers from an authenticated arbitrary fi...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/26 12:0 a.m.40 views

STVS ProVision 5.9.10 Cross-Site Request Forgery (Add Admin)

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The application interface allows users to perform certain actions via...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/26 12:0 a.m.71 views

STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description Input passed to the POST parameter 'files' is not properly sanitised...

5.4CVSS6.1AI score0.00182EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.291 views

Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.325 views

Selea Targa IP OCR-ANPR Camera Remote Stored XSS

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.268 views

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.272 views

Selea Targa IP OCR-ANPR Camera Unauthenticated RTP/RTSP/M-JPEG Stream Disclosure

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.377 views

Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.369 views

Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

7.8CVSS6AI score0.00526EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.348 views

Selea CarPlateServer (CPS) v4.0.1.6 Local Privilege Escalation

Summary Our CPS Car Plate Server software is an advanced solution that can be installed on computers and servers and used as an operations centre. It can create sophisticated traffic control and road safety systems connecting to stationary, mobile or vehicle-installed ANPR systems. CPS allows to...

8.5CVSS6.2AI score0.00127EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.408 views

Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

9.3CVSS7.3AI score0.00715EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/01/21 12:0 a.m.294 views

Selea CarPlateServer (CPS) v4.0.1.6 Remote Program Execution

Summary Our CPS Car Plate Server software is an advanced solution that can be installed on computers and servers and used as an operations centre. It can create sophisticated traffic control and road safety systems connecting to stationary, mobile or vehicle-installed ANPR systems. CPS allows to...

9.3CVSS6AI score0.0043EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/12/24 12:0 a.m.396 views

Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit

Summary Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to manage IP video surveillance designed for medium to large installations that require high performance and reliability. Arteco can handle IP video sources from all major international manufacturers and...

9.8CVSS5.8AI score0.00595EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/12/02 12:0 a.m.152 views

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

6.1CVSS5.9AI score0.0048EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/12/02 12:0 a.m.73 views

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

9.8CVSS5.8AI score0.00924EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/12/02 12:0 a.m.98 views

Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

7.5CVSS5.8AI score0.0055EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/11/15 12:0 a.m.65 views

RED-V Super Digital Signage System RXV-A740R Log Information Disclosure

Summary RED-V Super Digital Signage transforms simple screens into customized TV channels, delivering audiovisual communication as immersive user experiences. It is the final blending of years of know-how in multimedia, mobile and web experience, tablet and multimedia server design. Description T...

7.5CVSS5.8AI score0.00378EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/11/04 12:0 a.m.317 views

iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the consol...

8.8CVSS5.8AI score0.00315EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/11/04 12:0 a.m.338 views

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF)

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...

5.1CVSS5.8AI score0.00142EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/11/04 12:0 a.m.252 views

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The CAPTCHA function for DSSPro is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the...

9.8CVSS5.9AI score0.00429EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/11/04 12:0 a.m.567 views

iDS6 DSSPro Digital Signage System 6.2 (autoSave) Cookie User Password Disclosure

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember autoSave=true feature. This allows a...

8.6CVSS5.8AI score0.0028EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/26 12:0 a.m.145 views

TDM Digital Signage PC Player 4.1 Insecure File Permissions

Summary With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more. Description TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which c...

8.8CVSS5.8AI score0.00225EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/26 12:0 a.m.199 views

Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root

Summary Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Description The devices utilizes hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in...

8.7CVSS7.3AI score0.0033EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/18 12:0 a.m.133 views

ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The ReQuest ARQ F3 web server suffers from an unauthenticated remote...

9.3CVSS6.4AI score0.00628EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/18 12:0 a.m.183 views

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The device can be shutdown or rebooted by an unauthenticated attacke...

8.7CVSS5.8AI score0.00465EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/18 12:0 a.m.163 views

ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...

8.7CVSS5.8AI score0.00327EPSS
Exploits1
Total number of security vulnerabilities1109