Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother
DCP-J132W (and probably other DCP models) allows remote attackers to
hang the printer (disrupting its network connection) by sending a
large number of HTTP packets.
------------------------------------------
[Vulnerability Type Other]
CWE-400, Denial of Service
# Exploit Title: Hitron CHITA OS Command Injection to DoS
# Software: Hitron Technologies CHITA Router Firmware (UPC branded)
# Version: 7.2.2.0.3b6-CD
# Author: `zaeek` (GBTI SA)
# CVE: CVE-2022-25017
# CWE: CWE-77 | CWE-400
# Date: 15.04.2021
# CVSSv3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Summary: A command injection vulnerability in the Hitron CHITA router allows execution of OS commands. The injection vector resides in the configuration logic of the dynamic DNS service ("dyndns").