Security
Headlines
HeadlinesLatestCVEs

Tag

#telnet

CVE-2022-30918: IOT_vuln/H3C/magicR100/8 at main · EPhaha/IOT_vuln

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.

CVE
Open in Source
#vulnerability#web#mac#intel#auth#telnet#firefox
CVE-2022-30916: IOT_vuln/H3C/magicR100/9 at main · EPhaha/IOT_vuln

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.

Korenix JetPort 5601V3 Backdoor Account

Korenix JetPort 5601V3 with firmware version 1.0 suffers from having default backdoor accounts. The vendor will not address the issue as they claim the secret cannot be cracked in a reasonable amount of time.

CVE-2021-42892: vuln/totolink_ex1200t_telnet_default.md at main · p1Kk/vuln

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.

CVE-2022-30521: CVE/README.md at main · winmt/CVE

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152.

CVE-2021-43729: Hunting for Vulnerabilities in Low-Cost WiFi Repeaters

Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter.

CVE-2022-31215: Remote Support Software for Desktop Support & Systems Management

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.

10 ways attackers gain access to networks

A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks. The post 10 ways attackers gain access to networks appeared first on Malwarebytes Labs.

CVE-2022-29516: Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.

CVE-2022-29644: IOT/7.md at master · shijin0925/IOT

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.