This exploit allows an attacker to change the DNS settings of a TP-Link ADSL2+ TD-W8950ND router without authentication. The exploit is achieved by sending a GET request to the router's dnscfg.cgi page with the desired DNS settings as parameters.
Broadlight Residential Gateway DI3124 is vulnerable to unauthenticated remote DNS change. An attacker can exploit this vulnerability by sending a malicious GET request to the target server. The malicious request will change the DNS server of the target device to the attacker's DNS server. This will allow the attacker to intercept the traffic of the target device.
Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser. This exploit takes advantage of two bugs: 1) passwordless root login via FTP, used to retrieve the archive_accounts.ser file containing the access tokens, and 2) the access tokens being unencrypted and unprotected (-rw-r--r--), so they can be reused for a chosen scope to return data.
Seagate Central by default has a passwordless root account (and no option to change it). One way to exploit this is to log into its FTP server and upload a PHP shell to the webroot. From there, we can execute commands with root privileges, as lighttpd is also running as root.
The vulnerability is caused by a boundary error in the processing of user input in the registration ID field of the registration procedure, which can be exploited to cause a buffer overflow when a user enters a long string for the ID. Successful exploitation could allow execution of arbitrary code on the affected machine.
On the registration form, the address field is not validated before being returned to the user. Visiting the Directory page will show the confirm window.
This vulnerability allows an attacker to gain access to the I/O ports of a system, which can be used to gain access to privileged information or to execute malicious code. The vulnerability is caused by the use of the iopl() function in the code, which allows an attacker to gain access to the I/O ports of a system. The code also contains a loop that can be used to push data into the FIFO register, which can be used to gain access to privileged information or to execute malicious code.
This exploit disables some features of the modem, forcing the administrator of the device to access the page to reconfigure the modem again, which causes script execution in the browser of internal network users.
This plugin is vulnerable to a combined CSRF/XSS attack, meaning that if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do, by hijacking the admin's cookies etc.