‼ CVE-2021-20151 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user's session.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20168 ‼
📖 Read
via "National Vulnerability Database".
Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute commands as the root user. These default credentials are admin:admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4182 ‼
📖 Read
via "National Vulnerability Database".
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4186 ‼
📖 Read
via "National Vulnerability Database".
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20160 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4181 ‼
📖 Read
via "National Vulnerability Database".
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20152 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20167 ‼
📖 Read
via "National Vulnerability Database".
Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20161 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45732 ‼
📖 Read
via "National Vulnerability Database".
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20165 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4190 ‼
📖 Read
via "National Vulnerability Database".
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20170 ‼
📖 Read
via "National Vulnerability Database".
Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-protected zip file with a hardcoded password (RAX50w!a4udk). By unzipping the configuration using this password, a user can reconfigure settings not intended to be manipulated, re-zip the configuration, and restore a backup causing these settings to be changed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20164 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20153 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20132 ‼
📖 Read
via "National Vulnerability Database".
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4184 ‼
📖 Read
via "National Vulnerability Database".
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20156 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated "check for updates" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20158 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20155 ‼
📖 Read
via "National Vulnerability Database".
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".📖 Read
via "National Vulnerability Database".
🗓️ Bug Bounty Radar // The latest bug bounty programs for January 2022 🗓️
📖 Read
via "The Daily Swig".
New web targets for the discerning hacker📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for January 2022
New web targets for the discerning hacker