Skip to main content

Search This Blog

Vulnerabilities from Life (CVE, CISA, MITRE, NVD)

I share vulnerabilities on this page to raise awareness for everyone. https://www.linkedin.com/in/cumhurkizilari/

Unauthenticated User Creation and Privilege Escalation in Richerlink ANM8001H Indoor EoC Master (white labeled to: EK Plus (Ekselans by ITS) ) / CVE pending

Get link
Facebook
X
Pinterest
Email
Other Apps

December 15, 2024

I will share the update once I receive the CVE.

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Post a Comment

Popular posts from this blog

AvediaServer Unauthorised API Access Vulnerability

Two weeks ago I discovered a security vulnerability in AvediaServer, details of which you can see below. VITEC (formerly Exterity) AvediaServer uses API to list, create and delete users. On the other hand, as you can see, they forgot to implement any authentication to this API. So, if you send the following GET requests to AvediaServer, you can see all users, individual user details with encrypted password (if the user is local) and profiles (admin, asset manager, etc.). Platform details where I found this vulnerability. AvediaServer Product : avsrv-m8105 Platform : mavsrv-c1520 Version : 8.6.2-1 http://hostname/api/auth/users http://hostname/api/auth/users/1 http://hostname/api/auth/profiles You can also create a user with administrative access if you send a POST request using the following parameters. I also used Shodan and Google Dorking and found several devices open to the internet. I found asset owners based on IP address records and I informed them. ...

Unauthenticated Configuration File Exposure via Predictable URL in DB-70 / CVE pending

December 21, 2024

Delta Dore DB-70 is Industrial IP Controller The Delta Dore DB-70 stores its configuration on a static path on the web server. The naming structure for the configuration file is "DB-70_WSA_" + "Application Version without dots" + "_config.bin". For instance, if the application version is 01.04.00, the configuration file would be named "DB-70_WSA_010104_config.bin" . http://xx.yy.zz.tt:8080/admin/DB-70_WSA_010104_config.bin The DB-70 device exposes its application version on the " informations.shtm " web page without requiring any authentication. As a result, anyone can easily retrieve the device's application version. Consequently, an unauthenticated attacker can easily construct a URL to retrieve the device's configuration file without any authentication. This configuration file contains the username and password in plain text, posing a significant security risk. It exposes the device to potential denial-of-service attac...

IP-COM Multi-WAN Hotspot Router (M50) Vulnerability / CVE pending

November 30, 2024

IP-COM Multi-WAN Hotspot Router (M50) allow unauthenticated remote attackers to access the configuration file and consequently bypass authentication by directly requesting either http://xxx.yyy.zzz.qqq/cgi-bin/DownloadCfg/RouterCfm.cfg or http://xxx.yyy.zzz.qqq/cgi-bin/DownloadCfg/switch.cfg. The configuration file contains the administrator password encoded in Base64. A remote attacker can easily decode the administrator password, set up a VPN server, infiltrate the victim's network, and alter DNS records to manipulate requests, redirecting users to malicious sites. Model: Multi-WAN Hotspot Router M50 Version: V15.01.0.5(3076_839) Cumhur Kizilari

Powered by Blogger

Theme images by Michael Elkan

Cumhur/Zeus: Bir gün doğmuşum, başka bir gün öleceğim. Aradaki zamanı mutlu, mesut yaşamaya çalışarak geçiriyorum.

Archive

December 20243
November 20241
May 20241

Report Abuse