CVE-2014-6733
https://notcve.org/view.php?id=CVE-2014-6733
The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• http://www.kb.cert.org/vuls/id/175057
• http://www.kb.cert.org/vuls/id/582497
• https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
• CWE-310: Cryptographic Issues
CVE-2014-2925
https://notcve.org/view.php?id=CVE-2014-2925
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
• http://seclists.org/fulldisclosure/2014/Apr/59
• http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
• http://www.asus.com/Networking/RTAC68U/HelpDesk_Download
• http://www.securityfocus.com/bid/66669
• https://support.t-mobile.com/docs/DOC-21994
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5948 – Asus RT56U 3.0.0.4.360 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2013-5948
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
• https://www.exploit-db.com/exploits/25998
• http://seclists.org/fulldisclosure/2014/Apr/59
• http://seclists.org/fulldisclosure/2014/Apr/66
• http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
• https://support.t-mobile.com/docs/DOC-21994
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-2719 – ASUS RT Password Disclosure
https://notcve.org/view.php?id=CVE-2014-2719
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. ASUS RT series of routers disclose administrative credentials.
• http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
• http://seclists.org/fulldisclosure/2014/Apr/225
• http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29
• https://support.t-mobile.com/docs/DOC-21994
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1813 – busybox: insecure directory permissions in /dev
https://notcve.org/view.php?id=CVE-2013-1813
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701965
• http://git.busybox.net/busybox/commit/?id=4609f477c7e043a4f6147dfe6e86b775da2ef784
• http://lists.busybox.net/pipermail/busybox/2013-January/078864.html
• http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
• http://rhn.redhat.com/errata/RHSA-2013-1732.html
• http://seclists.org/fulldisclosure/2019/Jun/18
• http://seclists.org/fulldisclosure/2020/Aug/20
• http://seclists.org/fulldisclosure&
• CWE-264: Permissions, Privileges, and Access Controls