EXODUS BLOG

Advisories

D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability

JANUARY 25, 2024

EIP-13d90c2b The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root....

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability

JANUARY 25, 2024

EIP-5a0f4b12 The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root....

Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability

JANUARY 25, 2024

EIP-552c9116 A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. Vulnerability Identifier...

Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability

JANUARY 25, 2024

EIP-ea3ab824 A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. Vulnerability Identifier...

Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability

JANUARY 25, 2024

EIP-f4472693 A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. Vulnerability Identifier...

Motorola MR2600 Authentication Bypass Vulnerability

JANUARY 25, 2024

EIP-73ad9c0b An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. Vulnerability Identifier Exodus Intelligence: EIP-73ad9c0b MITRE:...

Motorola MR2600 Arbitrary Firmware Upload Vulnerability

JANUARY 25, 2024

EIP-d52674b0 An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. Vulnerability Identifier Exodus...

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability

JANUARY 25, 2024

EIP-7777417a An arbitrary command execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. Vulnerability Identifier Exodus Intelligence: EIP-7777417a MITRE: CVE-2024-23618 Vulnerability Metrics CVSSv2...

IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

JANUARY 25, 2024

EIP-ec3c5a9d A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. Vulnerability Identifier Exodus Intelligence: EIP-ec3c5a9d MITRE: CVE-2024-23619...

IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

JANUARY 25, 2024

EIP-96bd11d3 A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution. Vulnerability Identifier Exodus Intelligence: EIP-96bd11d3 MITRE: CVE-2024-23621 Vulnerability Metrics...

1 2 3 Next →