|
296011
|
10.0 |
CRITICAL
Network
|
grandstream
|
gxv3501_firmware
gxv3504_firmware
gxv3601_firmware
gxv3601hd_firmware
gxv3601ll_firmware
gxv3611hd_firmware
gxv3611ll_firmware
gxv3615w_firmware
gxv3615p_firmware
gxv3651fh…
|
Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2013-3542
|
2024-11-21 10:53 |
2019-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296012
|
7.5 |
HIGH
Network
|
loftek
|
nexus_543_firmware
|
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, …
|
CWE-200
Information Exposure
|
CVE-2013-3314
|
2024-11-21 10:53 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296013
|
7.5 |
HIGH
Network
|
loftek
|
nexus_543_firmware
|
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can a…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2013-3313
|
2024-11-21 10:53 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296014
|
8.8 |
HIGH
Network
|
loftek
|
nexus_543_firmware
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) pa…
|
CWE-352
Origin Validation Error
|
CVE-2013-3312
|
2024-11-21 10:53 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296015
|
7.5 |
HIGH
Network
|
loftek
|
nexus_543_firmware
|
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.
|
CWE-22
Path Traversal
|
CVE-2013-3311
|
2024-11-21 10:53 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296016
|
8.8 |
HIGH
Network
|
trendnet
|
tew-812dru_firmware
|
Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
|
CWE-352
Origin Validation Error
|
CVE-2013-3366
|
2024-11-21 10:53 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296017
|
6.1 |
MEDIUM
Network
|
actiontec
|
mi424wr-gen3i_firmware
|
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router.
|
CWE-79
Cross-site Scripting
|
CVE-2013-3097
|
2024-11-21 10:53 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296018
|
9.8 |
CRITICAL
Network
|
trendnet
|
tew-691gr_firmware
tew-692gr_firmware
|
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
|
CWE-287
Improper Authentication
|
CVE-2013-3367
|
2024-11-21 10:53 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296019
|
6.5 |
MEDIUM
Network
|
netgear
|
wnr3500u_firmware
wnr3500l_firmware
|
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
|
CWE-352
Origin Validation Error
|
CVE-2013-3516
|
2024-11-21 10:53 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296020
|
5.4 |
MEDIUM
Network
|
netgear
|
wnr3500u_firmware
wnr3500l_firmware
|
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.
|
CWE-79
Cross-site Scripting
|
CVE-2013-3517
|
2024-11-21 10:53 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
