D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability

EIP-13d90c2b

The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

  • Exodus Intelligence: EIP-13d90c2b
  • MITRE: CVE-2024-23624

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
  • CVSSv2 Score: 8.3

Vendor References

  • The affected product is end-of-life and no patches are available.
  • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10266

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: December 14, 2021
  • Vendor response to disclosure: January 27, 2022
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability

EIP-5a0f4b12

The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

  • Exodus Intelligence: EIP-5a0f4b12
  • MITRE: CVE-2024-23625

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
  • CVSSv2 Score: 8.3

Vendor References

  • The affected product is end-of-life and no patches are available.
  • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10266

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: December 14, 2021
  • Vendor response to disclosure: January 27, 2022
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability

EIP-552c9116

A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

  • Exodus Intelligence: EIP-552c9116
  • MITRE: CVE-2024-23626

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
  • CVSSv2 Score: 7.7

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: April 29, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability

EIP-ea3ab824

A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

  • Exodus Intelligence: EIP-ea3ab824
  • MITRE: CVE-2024-23628

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
  • CVSSv2 Score: 7.7

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: April 29, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability

EIP-f4472693

A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

  • Exodus Intelligence: EIP-f4472693
  • MITRE: CVE-2024-23627

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
  • CVSSv2 Score: 7.7

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: April 29, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Motorola MR2600 Authentication Bypass Vulnerability

EIP-73ad9c0b

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.

Vulnerability Identifier

  • Exodus Intelligence: EIP-73ad9c0b
  • MITRE: CVE-2024-23629

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:N
  • CVSSv2 Score: 7.8

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: April 29, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Motorola MR2600 Arbitrary Firmware Upload Vulnerability

EIP-d52674b0

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.

Vulnerability Identifier

  • Exodus Intelligence: EIP-d52674b0
  • MITRE: CVE-2024-23630

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
  • CVSSv2 Score: 7.7

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to Vendor: April 29, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability

EIP-7777417a

An arbitrary command execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.

Vulnerability Identifier

  • Exodus Intelligence: EIP-7777417a
  • MITRE: CVE-2024-23618

Vulnerability Metrics

  • CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
  • CVSSv2 Score: 8.3

Vendor References

  • The vendor has applied fixes in newer revisions of the firmware.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to vendor: June 17, 2021
  • Vendor response to disclosure: June 21, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

EIP-ec3c5a9d

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.

Vulnerability Identifier

  • Exodus Intelligence: EIP-ec3c5a9d
  • MITRE: CVE-2024-23619

Vulnerability Metrics

  • CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • CVSSv2 Score: 10.0

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to vendor: July 30, 2021
  • Vendor response to disclosure: August 23, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com

IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

EIP-96bd11d3

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Vulnerability Identifier

  • Exodus Intelligence: EIP-96bd11d3
  • MITRE: CVE-2024-23621

Vulnerability Metrics

  • CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • CVSSv2 Score: 10.0

Vendor References

  • The affected product is end-of-life and no patches are available.

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to vendor: July 30, 2021
  • Vendor response to disclosure: August 23, 2021
  • Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com