zaee-k
zaee-k
/ gist:de42a5d40661f9b6123a65c13e82aac8
Created
November 10, 2022 15:05
Brother CVE-2017-12568 Reporting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother | |
| DCP-J132W (and probably other DCP models) allows remote attackers to | |
| hang the printer (disrupting its network connection) by sending a | |
| large amount of HTTP packets. | |
| ------------------------------------------ | |
| [Vulnerability Type Other] | |
| CWE-400, Denial of Service |
zaee-k
/ gist:390b2f8e50407e4b199df806baa7e4ef
Last active
April 18, 2022 23:11
Hitron CHITA OS Command Injection (UPC Branded)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Hitron CHITA OS Command Injection to DoS | |
| # Software: Hitron Technologies CHITA Router Firmware (UPC branded) | |
| # Version: 7.2.2.0.3b6-CD | |
| # Author: `zaeek` (GBTI SA) | |
| # CVE: CVE-2022-25017 | |
| # CWE: CWE-77 | CWE-400 | |
| # Date: 15.04.2021 | |
| # CVSSv3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) | |
| Summary: A command injection vulnerability in Hitron CHITA router allows execution of OS commands. The injection vector resides at dynamic dns services "dyndns" configuration logic. |