Critical December 18, 2014
Command Execution and Backdoor in Zhone GPON-2520
This post will describe a backdoor account found in the Zhone GPON-2520 and will provide a PoC which can be used to disable the firewall filtration rules in order to allow access to services such as ssh, telnet and ftp.
High May 22, 2014
Huawei HG8245 / HG8247 WPA Generator
Huawei HG8245 & HG8247 ONTs (firmware version V1R006C00S100) rely on a weak algorithm to calculate the WPA keys; the keys can be predicted easily using the WiFi's MAC address (BSSID).
High December 19, 2013
Arbitrary Command Execution in Alcatel-Lucent I-240W-Q
The Alcatel-Lucent I-240W-Q ONT's Diagnostics page does not filter shell metacharacters in the IP address field, allowing any authenticated administrator to execute arbitrary commands as root and fully compromise the device.
Critical December 9, 2013
Huawei HG8245 backdoor and remote access
The Huawei HG8245 ONT, firmware version V1R006C00S100, which provides cellular services, contains 3 severe vulnerabilities: two administrator accounts enabled by default and a public administration interface exposed to the Internet.
Critical January 18, 2013
Multiple vulnerabilities in ZPanel 10.0.1
Several vulnerabilities were discovered in ZPanel 10.0.1 during our pro bono security audit. The ZPanel team has addressed these issues in version 10.0.2, and upgrading is advised.
Critical June 18, 2012
Debugging shell with root privileges in TP-Link WR740 routers
A range of TP-Link WR740 and related models ship with a hidden debug shell running as root. The credentials are hard-coded in the HTTP server binary and cannot be changed, giving attackers reliable root-level access from the local network or, in some cases, remotely.
High June 17, 2012
Path traversal in TP-LINK WR740 and possibly others
TP-Link WR740 routers are affected by a path traversal vulnerability in the web administration interface. Unauthenticated users are able to read any file from the device.
Critical June 14, 2012
Huawei HG866 authentication bypass
The web management interface of Huawei HG866 routers has several pages which fail to validate the user's session. This allows an attacker to bypass the authentication both locally and remotely.
Medium May 26, 2012
Netgear Information Disclosure
Several NETGEAR devices expose /currentsetting.htm without authentication, leaking the device model, firmware version, and other metadata that lets an attacker fingerprint the router before launching model-specific exploits.
Medium September 13, 2011
PHP Self Cross Site Scripting in MantisBT 1.2.x
MantisBT installations 1.2.x up to 1.2.7 are vulnerable to Cross Site Scripting attacks due to lack of sanitization of the variable $_SERVER["PHP_SELF"].
Medium August 23, 2011
Anti-CSRF Filter Bypass SMF 2.0 / 1.1.14
The [img] BBCode tag anti-CSRF filter can be bypassed due to incorrect parsing of the 'action' variable. Because of this, it is possible to execute CSRF successfully.
Critical May 29, 2010
Huawei EchoLife HG520 Remote Management CSRF
Huawei EchoLife HG520 modems do not require authentication to access certain pages such as: '/Forms/access_cwmp_1', '/Forms/rpQos_1' and '/Forms/rpRManage_1'. A CSRF exploit can be used to enable remote administration interfaces on the WAN.