Created
June 9, 2018 09:14
CVE-2018-12072 & CVE-2018-12073
CVE-2018-12072
[Description]
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware.
It is configured to provide TELNET remote access (without a password) that
pops a shell as root. If an attacker can connect to port 23 on the device, he can
completely compromise it.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Cloud Media
------------------------------------------
[Affected Product Code Base]
Popcorn A-200 - Firmware 03-05-130708-21-POP-411-000
------------------------------------------
[Affected Component]
Popcorn A-200
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Remote TCP connections
------------------------------------------
[Discoverer]
Tomas Bortoli
------------------------------------------
[Reference]
http://support.cloudmedia.com

CVE-2018-12073
> [Description]
> An issue was discovered on Eminent EM4544 9.10 devices.
> The device does not require the user's current password to set a new
> one within the web interface. Therefore, it is possible to exploit
> this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the
> admin password to an attacker-chosen value without knowing the
> current password.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Insecure password management
>
> ------------------------------------------
>
> [Vendor of Product]
> Eminent
>
> ------------------------------------------
>
> [Affected Product Code Base]
> EM4544 - 9.10
>
> ------------------------------------------
>
> [Affected Component]
> EM4544 - 9.10
>
> ------------------------------------------
>
> [Attack Type Other]
> Bad password management
>
> ------------------------------------------
>
> [CVE Impact Other]
> Change password without knowing the current one
>
> ------------------------------------------
>
> [Attack Vectors]
> Web interface, change password
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Tomas Bortoli
>
> ------------------------------------------
>
> [Reference]
> http://www.eminent-online.com/eminent-em4544-pro-wireless-300n-router.html
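
The control that CVE-2018-12073 describes as missing, shown as an added sketch that is not Eminent's firmware code and not part of the original advisory: a password-change handler that trusts the session alone, beside one that re-verifies the current password. The names `AdminAccount`, `change_password_weak`, `change_password_hardened`, the form field names and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this sketch)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AdminAccount:
    """Hypothetical stand-in for the device's stored admin credential."""

    def __init__(self, password: str):
        self.set_password(password)

    def set_password(self, password: str) -> None:
        # Fresh salt on every change so old and new digests are unrelated.
        self.salt = os.urandom(16)
        self.digest = hash_password(password, self.salt)

    def verify(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.digest, hash_password(candidate, self.salt))


def change_password_weak(account: AdminAccount, form: dict) -> bool:
    """Behaviour the advisory describes: a logged-in session alone is enough."""
    account.set_password(form["new_password"])
    return True


def change_password_hardened(account: AdminAccount, form: dict) -> bool:
    """Require proof of the current password before accepting a new one."""
    current = form.get("current_password", "")
    new = form.get("new_password", "")
    if not new or not account.verify(current):
        # A request riding an existing session (XSS, unattended browser)
        # cannot supply the current password, so the change is refused.
        return False
    account.set_password(new)
    return True
```
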