Actiontec T2200H Remote Reverse Root Shell
Actiontec T2200H allows for command injection that provides a remote root reverse shell.
View ArticleActiontec WCB3000N 0.16.2.5 Privilege Escalation
Actiontec WCB3000N with firmware version 0.16.2.5 suffers from a privilege escalation vulnerability.
View ArticleOpenConext-EngineBlock 5.7.3 Cross Site Scripting
OpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.
View ArticleDSub For Subsonic 5.4.1 Improper Certificate Validation
DSub for Subsonic version 5.4.1 suffers from an improper certificate validation vulnerability.
View ArticleSubsonic Music Streamer 4.4 For Android Improper Certificate Validation
Subsonic Music Streamer version 4.4 suffers from an improper certificate validation vulnerability.
View ArticleTelus Actiontec T2200H WiFi Credential Disclosure
Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a credential disclosure vulnerability. An HTTP interface used by wireless extenders to pull the modem's wifi settings uses DHCP...
View ArticleTelus Actiontec WEB6000Q Privilege Escalation
Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities.
View ArticleTelus Actiontec WEB6000Q Denial Of Service
Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd...
View ArticleTelus Actiontec T2200H Serial Number Information Disclosure
Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as...
View ArticleTelus Actiontec WEB6000Q Serial Number Information Disclosure
Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model...
View ArticleTelus Actiontec T2200H Local Privilege Escalation
Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a local privilege escalation vulnerability.
View ArticleFortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation
A FortiSIEM collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself as well as relaying event data such as syslog, netflow, SNMP, etc. When the Collector (the client)...
View ArticleFortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key
Fortinet FortiSIEM has a hard-coded SSH public key for user "tunneluser" which is the same between all installs. An attacker with this key can successfully authenticate as this user to the FortiSIEM...
View Article