1103 matches found

Zero Science Lab
added 2021/03/18 12:00 a.m., 88 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory Reset

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 247 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control (IDOR)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 361 views

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The web control panel uses weak set of default administrative credentials no...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 118 views

SOYAL Biometric Access Control System 5.0 CSRF Change Admin Password

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The application interface allows users to perform certain actions via HTTP reques...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 148 views

SOYAL 701Server 9.0.1 Insecure Permissions

Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...

CVSS 8.8, AI score 7.2, EPSS 0.01866
Exploits: 2

Zero Science Lab
added 2021/03/18 12:00 a.m., 83 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.7
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 127 views

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The controller suffers from a cleartext transmission of sensitive information. Th...

AI score 5.9
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 143 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 150 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 6.1
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 151 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution (Backdoors)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 6
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 102 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.7
Exploits: 0

Zero Science Lab
added 2021/03/18 12:00 a.m., 141 views

SOYAL 701Client 9.0.1 Insecure Permissions

Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...

CVSS 8.8, AI score 7.3, EPSS 0.01866
Exploits: 2

Zero Science Lab
added 2021/03/18 12:00 a.m., 67 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

CVSS 7.5, AI score 5.7, EPSS 0.00378
Exploits: 1

Zero Science Lab
added 2021/03/18 12:00 a.m., 228 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

AI score 5.7
Exploits: 0

Zero Science Lab
added 2021/03/10 12:00 a.m., 142 views

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

Summary The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. Includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to...

CVSS 8.7, AI score 5.7, EPSS 0.00266
Exploits: 1

Zero Science Lab
added 2021/02/07 12:00 a.m., 305 views

SmartFoxServer 2X 2.17.0 God Mode Console WebSocket XSS

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

CVSS 5.4, AI score 6.3, EPSS 0.01347
Exploits: 3

Zero Science Lab
added 2021/02/07 12:00 a.m., 129 views

SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

CVSS 8.8, AI score 7.6, EPSS 0.02609
Exploits: 3

Zero Science Lab
added 2021/02/07 12:00 a.m., 130 views

SmartFoxServer 2X 2.17.0 Credentials Disclosure

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

CVSS 5.5, AI score 6, EPSS 0.00369
Exploits: 3

Zero Science Lab
added 2021/01/26 12:00 a.m., 39 views

STVS ProVision 5.9.10 Cross-Site Request Forgery (Add Admin)

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The application interface allows users to perform certain actions via...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/01/26 12:00 a.m., 70 views

STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description Input passed to the POST parameter 'files' is not properly sanitised...

CVSS 5.4, AI score 6.1, EPSS 0.00182
Exploits: 1

Zero Science Lab
added 2021/01/26 12:00 a.m., 54 views

STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The NVR software ProVision suffers from an authenticated arbitrary fi...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/01/21 12:00 a.m., 290 views

Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/01/21 12:00 a.m., 346 views

Selea CarPlateServer (CPS) v4.0.1.6 Local Privilege Escalation

Summary Our CPS Car Plate Server software is an advanced solution that can be installed on computers and servers and used as an operations centre. It can create sophisticated traffic control and road safety systems connecting to stationary, mobile or vehicle-installed ANPR systems. CPS allows to...

CVSS 8.5, AI score 6.2, EPSS 0.00127
Exploits: 1

Zero Science Lab
added 2021/01/21 12:00 a.m., 293 views

Selea CarPlateServer (CPS) v4.0.1.6 Remote Program Execution

Summary Our CPS Car Plate Server software is an advanced solution that can be installed on computers and servers and used as an operations centre. It can create sophisticated traffic control and road safety systems connecting to stationary, mobile or vehicle-installed ANPR systems. CPS allows to...

CVSS 9.3, AI score 6, EPSS 0.0043
Exploits: 1

Zero Science Lab
added 2021/01/21 12:00 a.m., 270 views

Selea Targa IP OCR-ANPR Camera Unauthenticated RTP/RTSP/M-JPEG Stream Disclosure

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/01/21 12:00 a.m., 366 views

Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

CVSS 7.8, AI score 6, EPSS 0.00526
Exploits: 1

Zero Science Lab
added 2021/01/21 12:00 a.m., 321 views

Selea Targa IP OCR-ANPR Camera Remote Stored XSS

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

AI score 6.1
Exploits: 0

Zero Science Lab
added 2021/01/21 12:00 a.m., 405 views

Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

CVSS 9.3, AI score 7.3, EPSS 0.00715
Exploits: 1

Zero Science Lab
added 2021/01/21 12:00 a.m., 267 views

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2021/01/21 12:00 a.m., 363 views

Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

AI score 6
Exploits: 0

Zero Science Lab
added 2020/12/24 12:00 a.m., 393 views

Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit

Summary Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to manage IP video surveillance designed for medium to large installations that require high performance and reliability. Arteco can handle IP video sources from all major international manufacturers and...

CVSS 9.8, AI score 5.8, EPSS 0.00595
Exploits: 1

Zero Science Lab
added 2020/12/02 12:00 a.m., 70 views

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

CVSS 9.8, AI score 5.8, EPSS 0.00924
Exploits: 2

Zero Science Lab
added 2020/12/02 12:00 a.m., 139 views

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

CVSS 6.1, AI score 5.9, EPSS 0.0048
Exploits: 2

Zero Science Lab
added 2020/12/02 12:00 a.m., 96 views

Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

CVSS 7.5, AI score 5.8, EPSS 0.0055
Exploits: 2

Zero Science Lab
added 2020/11/15 12:00 a.m., 65 views

RED-V Super Digital Signage System RXV-A740R Log Information Disclosure

Summary RED-V Super Digital Signage transforms simple screens into customized TV channels, delivering audiovisual communication as immersive user experiences. It is the final blending of years of know-how in multimedia, mobile and web experience, tablet and multimedia server design. Description T...

CVSS 7.5, AI score 5.8, EPSS 0.00378
Exploits: 1

Zero Science Lab
added 2020/11/04 12:00 a.m., 313 views

iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the consol...

CVSS 8.8, AI score 5.8, EPSS 0.00315
Exploits: 1

Zero Science Lab
added 2020/11/04 12:00 a.m., 336 views

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF)

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...

CVSS 5.1, AI score 5.8, EPSS 0.00142
Exploits: 1

Zero Science Lab
added 2020/11/04 12:00 a.m., 248 views

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The CAPTCHA function for DSSPro is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the...

CVSS 9.8, AI score 5.9, EPSS 0.00429
Exploits: 1

Zero Science Lab
added 2020/11/04 12:00 a.m., 559 views

iDS6 DSSPro Digital Signage System 6.2 (autoSave) Cookie User Password Disclosure

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember autoSave=true feature. This allows a...

CVSS 8.6, AI score 5.8, EPSS 0.0028
Exploits: 1

Zero Science Lab
added 2020/10/26 12:00 a.m., 197 views

Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root

Summary Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Description The devices utilizes hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in...

CVSS 8.7, AI score 7.3, EPSS 0.0033
Exploits: 1

Zero Science Lab
added 2020/10/26 12:00 a.m., 142 views

TDM Digital Signage PC Player 4.1 Insecure File Permissions

Summary With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more. Description TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which c...

CVSS 8.8, AI score 5.8, EPSS 0.00225
Exploits: 1

Zero Science Lab
added 2020/10/18 12:00 a.m., 180 views

ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability

Summary With the MediaPlayer, ReQuest delivers video content and award-winning distributed music capabilities. Up to 4 MediaPlayers 15 when coupled with an approved NAS can be connected through your home network to your ReQuest system, delivering HD video to your television in 1080p via HDMI...

CVSS 8.7, AI score 5.8, EPSS 0.00291
Exploits: 1

Zero Science Lab
added 2020/10/18 12:00 a.m., 131 views

ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The ReQuest ARQ F3 web server suffers from an unauthenticated remote...

CVSS 9.3, AI score 6.4, EPSS 0.00605
Exploits: 1

Zero Science Lab
added 2020/10/18 12:00 a.m., 182 views

ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The device can be shutdown or rebooted by an unauthenticated attacke...

CVSS 8.7, AI score 5.8, EPSS 0.00416
Exploits: 1

Zero Science Lab
added 2020/10/18 12:00 a.m., 161 views

ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...

CVSS 8.7, AI score 5.8, EPSS 0.00344
Exploits: 1

Zero Science Lab
added 2020/10/06 12:00 a.m., 198 views

BACnet Test Server 1.01 Remote Denial of Service Exploit

Summary This is a simple BACnet Server aimed at developers who want to explore or test their BACnet Client implementations of the ASHRAE BACnet protocol. It is based on Steve Karg's fine implementation of the BACnet Stack. Description The BACNet Test Server is vulnerable to a denial of service Do...

CVSS 8.7, AI score 5.8, EPSS 0.00453
Exploits: 1

Zero Science Lab
added 2020/10/06 12:00 a.m., 428 views

EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse

Summary GoAhead is the world's most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices. Description A security vulnerability affecting GoAhead versions 2 to 5 has been...

CVSS 8.8, AI score 7.1, EPSS 0.04039
Exploits: 5

Zero Science Lab
added 2020/09/30 12:00 a.m., 171 views

SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2020/09/30 12:00 a.m., 157 views

SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

AI score 5.8
Exploits: 0

Zero Science Lab
added 2020/09/30 12:00 a.m., 236 views

Sony IPELA Network Camera (ftpclient.cgi) Remote Stack Buffer Overflow

Summary IPELA is Sony's vision of the ultimate workplace, designed to revolutionize the way business communicates over global IP networks. IPELA products can improve the efficiency of your organization by connecting people and places with high-quality audio and video. The SNC-DH120T is an indoor...

AI score 6.5
Exploits: 0

Total number of security vulnerabilities: 1103