Softaculous Webuzo Authentication Bypass

July 25, 2024
EIP-ce40b086 Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. Vulnerability Identifier Exodus Intelligence: EIP-ce40b086 MITRE: CVE-2024-24621 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C CVSSv2

Softaculous Webuzo FTP Management Command Injection

July 25, 2024
EIP-4ab5e9b4 Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. Vulnerability Identifier Exodus Intelligence: EIP-4ab5e9b4 MITRE: CVE-2024-24623 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv2 Score:

Softaculous Webuzo Password Reset Command Injection

July 25, 2024
EIP-92dd8e27 Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. Vulnerability Identifier Exodus Intelligence: EIP-92dd8e27 MITRE: CVE-2024-24622 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C CVSSv2 Score: 9.0

D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability

January 25, 2024
EIP-13d90c2b The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. Vulnerability Identifier Exodus Intelligence: EIP-13d90c2b MITRE: CVE-2024-23624 Vulnerability Metrics

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability

January 25, 2024
EIP-5a0f4b12 The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. Vulnerability Identifier Exodus Intelligence: EIP-5a0f4b12 MITRE: CVE-2024-23625 Vulnerability Metrics

Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability

January 25, 2024
EIP-552c9116 A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required but can be bypassed. Vulnerability Identifier Exodus Intelligence: EIP-552c9116 MITRE: CVE-2024-23626 Vulnerability Metrics CVSSv2

Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability

January 25, 2024
EIP-ea3ab824 A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required but can be bypassed. Vulnerability Identifier Exodus Intelligence: EIP-ea3ab824 MITRE: CVE-2024-23628 Vulnerability Metrics CVSSv2

Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability

January 25, 2024
EIP-f4472693 A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required but can be bypassed. Vulnerability Identifier Exodus Intelligence: EIP-f4472693 MITRE: CVE-2024-23627 Vulnerability Metrics CVSSv2

Motorola MR2600 Authentication Bypass Vulnerability

January 25, 2024
EIP-73ad9c0b An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. Vulnerability Identifier Exodus Intelligence: EIP-73ad9c0b MITRE: CVE-2024-23629 Vulnerability Metrics CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:N CVSSv2 Score:

Motorola MR2600 Arbitrary Firmware Upload Vulnerability

January 25, 2024
EIP-d52674b0 An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required but can be bypassed. Vulnerability Identifier Exodus Intelligence: EIP-d52674b0 MITRE: CVE-2024-23630 Vulnerability Metrics CVSSv2 Vector:

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability

January 25, 2024
EIP-7777417a An arbitrary command execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. Vulnerability Identifier Exodus Intelligence: EIP-7777417a MITRE: CVE-2024-23618 Vulnerability Metrics CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C CVSSv2 Score: 8.3 Vendor References The

IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

January 25, 2024
EIP-ec3c5a9d A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution. Vulnerability Identifier Exodus Intelligence: EIP-ec3c5a9d MITRE: CVE-2024-23619 Vulnerability Metrics CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C CVSSv2 Score: 10.0