Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an issue where due to the hidden and undocumented File Editor (Filesystem Browser) shell script ‘system-editor.sh’ an attacker can leverage this issue to read, modify or delete arbitrary files on the system. Input passed thru the ‘path’ and ‘savefile’, ‘edit’ and ‘delfile’ GET and […]
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file ‘IPn4G.config’ in ‘/’ directory or its respective name based on the model name including the similar files in ‘/www/cgi-bin/system.conf’, ‘/tmp’ and the cli.conf in ‘/etc/m_cli/’ can be downloaded by an authenticated attacker in certain circumstances. This will enable the […]
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an open redirection vulnerability. Many versions are affected.
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as ‘reserved for internal use’. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF […]
This Metasploit module takes advantage of miner remote manager APIs to exploit an remote code execution vulnerability.
This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q’Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the ‘admin’ privileged user account to execute arbitrary commands as the ‘admin’ operating system user. Valid credentials for the ‘admin’ user account are required, however, this […]
An independent vulnerability laboratory researcher discovered an insecure file permission vulnerability in the Binance v…
The vulnerability laboratory core research team discovered a cross site vulnerability in the official Barracuda Networks…
http://www.nadokkham.go.th/activity/images/95433.jpg notified by BlackErroR
Tags:
defacement