@freetom
Created June 9, 2018 09:14
CVE-2018-12072 & CVE-2018-12073
CVE-2018-12072
[Description]
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware.
It is configured to provide TELNET remote access (without a password) that
pops a shell as root. If an attacker can connect to port 23 on the device, he can
completely compromise it.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Cloud Media
------------------------------------------
[Affected Product Code Base]
Popcorn A-200 - Firmware 03-05-130708-21-POP-411-000
------------------------------------------
[Affected Component]
Popcorn A-200
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Remote TCP connections
------------------------------------------
[Discoverer]
Tomas Bortoli
------------------------------------------
[Reference]
http://support.cloudmedia.com
CVE-2018-12073
> [Description]
> An issue was discovered on Eminent EM4544 9.10 devices.
> The device does not require the user's current password to set a new
> one within the web interface. Therefore, it is possible to exploit
> this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the
> admin password to an attacker-chosen value without knowing the
> current password.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Insecure password management
>
> ------------------------------------------
>
> [Vendor of Product]
> Eminent
>
> ------------------------------------------
>
> [Affected Product Code Base]
> EM4544 - 9.10
>
> ------------------------------------------
>
> [Affected Component]
> EM4544 - 9.10
>
> ------------------------------------------
>
> [Attack Type Other]
> Bad password management
>
> ------------------------------------------
>
> [CVE Impact Other]
> Change password without knowing the current one
>
> ------------------------------------------
>
> [Attack Vectors]
> Web interface, change password
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Tomas Bortoli
>
> ------------------------------------------
>
> [Reference]
> http://www.eminent-online.com/eminent-em4544-pro-wireless-300n-router.html
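
The missing check behind CVE-2018-12073, shown as an added example that is not part of the original advisory or the vendor's firmware: a constructed in-memory account model contrasting a password change that trusts the session alone with one that also requires the current password. All names here (`Account`, `change_password_weak`, `change_password_hardened`, the form field names) are hypothetical.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Constructed stand-in for the device's admin account (hypothetical)."""

    def __init__(self, password: str):
        self.sessions = set()          # valid session tokens
        self.set_password(password)

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.pw_hash = _derive(password, self.salt)

    def check(self, password: str) -> bool:
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(self.pw_hash, _derive(password, self.salt))


def change_password_weak(acct: Account, session: str, form: dict) -> bool:
    """Behaviour the advisory describes: a valid session is sufficient."""
    if session not in acct.sessions:
        return False
    acct.set_password(form["new"])
    return True


def change_password_hardened(acct: Account, session: str, form: dict) -> bool:
    """Require proof of the current password, then drop every session."""
    if session not in acct.sessions:
        return False
    if not acct.check(form.get("current", "")):
        return False               # session alone (XSS, unattended browser) fails
    new = form.get("new", "")
    if not new or new != form.get("confirm"):
        return False
    acct.set_password(new)
    acct.sessions.clear()          # force re-login with the new password
    return True
```

Clearing the session set after a successful change means a session that was open before the change cannot be reused afterwards.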