4 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. Beeline Smart box versión 2.0.38, es vulnerable a un ataque de tipo Cross Site Request Forgery (CSRF) por medio de el archivo mgt_end_user.htm • https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox https://youtu.be/HL73yOW7YWU?t=540 https://youtu.be/WtcyIVImcwc • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. Beeline Smart Box versión 2.0.38, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del parámetro choose_mac del archivo setup.cgi • https://tula.beeline.ru/customers/pomosh/home/domashnij-internet/nastrojki-s-routerom/beelinesmartbox https://youtu.be/CbWI-JQteRo https://youtu.be/HL73yOW7YWU?t=520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 56%CPEs: 2EXPL: 3

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. Los routers Beeline Smart Box versión 2.0.38, permiten una inyección de comando del Sistema Operativo de "Advanced settings ) Other ) Diagnostics" por medio del parámetro Ping ping_ipaddr, el parámetro Nslookup nslookup_ipaddr, o el parámetro Traceroute traceroute_ipaddr. • https://medium.com/%40Pavel.Step/security-analysis-of-the-smart-box-router-932f86dc8a9e https://yadi.sk/i/YdfXr-ofAN2ZWA https://yadi.sk/i/iIUCJVaGEuSaAw https://yadi.sk/i/jXV87yn4ZJfSHA • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 1%CPEs: 38EXPL: 1

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. • https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack https://www.kb.cert.org/vuls/id/624539 https://www.securityfocus.com/bid/94393 • CWE-264: Permissions, Privileges, and Access Controls CWE-494: Download of Code Without Integrity Check •