The GET parameter cmd is freely available to directly execute system commands with no prior required authentication which lead to full hardware takeover.
This module will bypass Windows UAC by utilizing eventvwr.exe and hijacking entries registry on Windows.
This vulnerability allows an attacker to download the configuration file of the MESSOA NIC990 IP-Camera without authentication. The configuration file contains the administrator's username and password, which can be used to gain access to the camera's web interface.
This vulnerability allows an attacker to bypass authentication and download the configuration file of the TOSHIBA IK-WP41A IP-Camera. By sending a specially crafted HTTP request to the chklogin.cgi script, an attacker can download the configuration file without authentication.
JVC IP-Camera (VN-T216VPRU) allows to unauthenticated user disclose the username & password remotely by simple request which made by browser.
Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allows to unauthenticated user disclose the username & password remotely by simple request which made by browser.
This exploit allows an attacker to download the configuration file of multiple SIEMENS IP Cameras without authentication. The vulnerable cameras are SIEMENS IP Camera CCID1410-ST X.1.0.24, SIEMENS IP Camera CCMW1025 x.2.2.1798, SIEMENS IP Camera CCMS2025 x.2.2.1798, SIEMENS IP Camera CVMS2025-IR x.2.2.1798, SIEMENS IP Camera CVMS2025-IR CxMS2025_V2458, SIEMENS IP Camera CVMS2025-IR CxMS2025_V2458_SP1, and SIEMENS IP Camera CCPW5025-IR CCPWx025_V0.1.58. The attacker can access the configuration file by sending a request to the following URLs: http://TARGET/cgi-bin/chklogin.cgi?file=config.ini and http://TARGET/cgi-bin/check.cgi?file=ikwd03conf.ini
Honeywell IP-Camera (HICC-1100PT) allows to unauthenticated user disclose the username & password remotely by simple request which made by browser.
This exploit allows an attacker to remotely change the admin user and password of a SIEMENS IP Camera CCMW1025 x.2.2.1798 device. The attacker can use the GET command to send a request to the device's CGI-bin/writefile.cgi script with the new user and password parameters. This will allow the attacker to gain access to the device with the new credentials.
The exploit allows an attacker to bypass authentication on Cisco ASA 8.X devices by exploiting a vulnerability in the SNMP service. The attacker needs to have access to the SNMP service and the SNMP read (public) string. The exploit was released by the Equation Group in 2016 and tested on Cisco ASA 8.4.2.
Services By CQR