Posts

  • D-Link routers - full takeover

    Multiple vulnerabilities in D-Link routers allow an attacker to take full control of the device through the web interface without any user interaction. Verified affected devices: DWR-111, DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921; other models may be affected as well.
  • ASUS routers - part II (CVE-2017-15653, CVE-2017-15654, CVE-2017-15656)

    A vulnerability in all new ASUS routers that allows a complete takeover of the device. As of the disclosure date, the vulnerability affected all new versions of ASUSWRT. Older versions were vulnerable too - see CVE-2017-15655.
  • ASUS routers - part I (CVE-2017-15655)

    A vulnerability in older ASUS routers that allows a complete takeover of the device. Newer versions were vulnerable too - see CVE-2017-15654 and others.
  • ManageEngine Password Manager Pro <= 8.1 (build 8100) - SQL Injection vulnerability

    An authenticated user (even the guest user) is able to execute arbitrary SQL code in ManageEngine Password Manager Pro before version 8.1 (build 8101). This allows the attacker to obtain superadmin privileges and gain full access to all stored secrets.
