ABB Cylon Aspect 3.08.00 (log(Mix/Yum)Lookup.php) Off-by-One Error in Log Parsing

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Project Download

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Servlet Inclusion Authentication Bypass

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Credentials Disclosure

Verizon's 4G LTE Network Extender is utilising a weak default admin password generation algorithm. The password is generated using the last 4 values from device's MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string 'LTEFemto' resulting in something like 'LTEFemtoD080' as the default Admin password.

Headline

Verizon 4G LTE Network Extender Weak Credentials Algorithm

Zero Science Lab: Latest News