• Cybersecurity Vulnerabilities

    CVE-2023-7328: Critical User Data Exposure in Screen SFT DAB 600/C Firmware

    Published: 2025-11-14T23:15:43.640

    Overview: CVE-2023-7328 details a significant security vulnerability affecting Screen SFT DAB 600/C firmware versions up to and including 1.9.3. This vulnerability stems from an improper access control on the user management API, enabling unauthenticated attackers to retrieve sensitive user data. This data includes account names and connection metadata, such as client IP addresses and timeout values. This exposure can have serious consequences for the security and privacy of users of the affected devices.

    Technical Details: The vulnerability lies in the insufficient access control mechanisms implemented for the user management API. An attacker can directly query the API endpoints…

  • Cybersecurity Vulnerabilities

    Unsecured Signals: Vodafone H500s WiFi Password Exposed via Unauthenticated Endpoint (CVE-2022-4985)

    Overview: CVE-2022-4985 details a significant security vulnerability affecting Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500). This flaw allows unauthenticated remote attackers to retrieve the WiFi access point password by sending a crafted HTTP GET request. This unauthorized access can compromise the confidentiality of network traffic and any attached systems, leading to potential data breaches and other malicious activities.

    Technical Details: The vulnerability resides in the /data/activation.json endpoint. By sending a specifically crafted HTTP GET request to this endpoint with certain headers and cookies, an attacker can retrieve a JSON document. This document contains the wifi_password field, which…

  • Cybersecurity Vulnerabilities

    Critical Security Flaw: Unauthenticated Password Disclosure in TG8 Firewall (CVE-2021-4471)

    Overview: CVE-2021-4471 details a significant security vulnerability in the TG8 Firewall. This flaw allows a remote, unauthenticated attacker to access a sensitive directory, such as /data/, via HTTP without any authentication requirements. This directory contains credential files for previously logged-in users, potentially exposing usernames and passwords.

    Technical Details: The vulnerability stems from the TG8 Firewall’s failure to implement proper access controls on certain directories. Specifically, the /data/ directory, which stores user credential files, is accessible over HTTP without any form of authentication. An attacker can enumerate and download files within this directory. By analyzing these files, the attacker can obtain…

  • Cybersecurity Vulnerabilities

    TG8 Firewall Under Attack: Pre-Auth RCE Exposes Devices to Full Compromise (CVE-2021-4470)

    Overview: CVE-2021-4470 details a critical pre-authentication remote code execution (RCE) vulnerability affecting the TG8 Firewall. This flaw allows an unauthenticated attacker to execute arbitrary operating system commands with root privileges on the affected device. The vulnerability resides in the runphpcmd.php endpoint and stems from the lack of input validation on the syscmd POST parameter.

    Technical Details: The TG8 Firewall’s runphpcmd.php endpoint is intended to execute system commands. However, the syscmd POST parameter, which provides the command to be executed, is passed directly to the underlying system without any validation or sanitization. This allows a remote, unauthenticated attacker to inject malicious…

  • Cybersecurity Vulnerabilities

    Denver SHO-110 IP Camera: A Security Hole Exposing Unauthenticated Snapshots (CVE-2021-4469)

    Overview: CVE-2021-4469 details a significant security vulnerability affecting Denver SHO-110 IP cameras. This flaw allows unauthorized access to image snapshots from the camera feed, potentially compromising the privacy and security of the monitored environment. The vulnerability stems from a secondary HTTP service running on TCP port 8001, which lacks authentication requirements for accessing the ‘/snapshot’ endpoint.

    Technical Details: The Denver SHO-110 IP camera exposes a secondary HTTP service alongside its primary web interface. While the main web interface requires authentication, the service on port 8001 provides a backdoor. Specifically, the ‘/snapshot’ endpoint on port 8001 can be accessed without any…

  • Cybersecurity Vulnerabilities

    PLANEX CS-QP50F-ING2 Security Flaw: Exposing Credentials via Unsecured Configuration Backups (CVE-2021-4468)

    Overview: This article details a critical vulnerability, identified as CVE-2021-4468, affecting PLANEX CS-QP50F-ING2 smart cameras. The vulnerability allows a remote, unauthenticated attacker to retrieve a compressed configuration backup file from the device due to the lack of authentication on the configuration backup interface accessible over HTTP. This backup file contains sensitive information, including administrative credentials, potentially leading to full device compromise and unauthorized access to the monitored environment.

    Technical Details: The PLANEX CS-QP50F-ING2 smart camera exposes a configuration backup interface over HTTP. Critically, this interface does not enforce any authentication mechanisms. An attacker can simply craft a request to the…

  • Cybersecurity Vulnerabilities

    CVE-2021-4467: Remote DoS Vulnerability in Positive Technologies MaxPatrol 8 & XSpider

    Overview: CVE-2021-4467 describes a remote denial-of-service (DoS) vulnerability affecting Positive Technologies MaxPatrol 8 and XSpider. This vulnerability resides within the client communication service, specifically on TCP port 2002. An attacker can exploit this flaw by overwhelming the service with connection requests, leading to service disruption.

    Technical Details: The vulnerability stems from the service’s inadequate handling of incoming connection requests. For each new connection, the service generates a new session identifier. However, there is no proper limitation on the number of concurrent requests it can handle. An unauthenticated remote attacker can exploit this by repeatedly sending HTTPS requests to the service.…

  • Cybersecurity Vulnerabilities

    CVE-2021-4466: Unveiling a Critical Remote Code Execution Vulnerability in IPCop

    Overview: CVE-2021-4466 identifies a critical security vulnerability affecting IPCop versions up to and including 2.1.9. This flaw allows an authenticated attacker to execute arbitrary code remotely on the affected system, potentially leading to full system compromise. The vulnerability resides within the web-based administration interface’s email configuration component.

    Technical Details: The vulnerability stems from insufficient input sanitization within the email configuration component. Specifically, the application directly incorporates user-controlled values, including the EMAIL_PW parameter, into system-level operations without proper validation. This allows an attacker with valid administrative credentials to inject shell metacharacters into the email password field. By crafting a malicious email…

  • Cybersecurity Vulnerabilities

    CVE-2021-4465: Unauthenticated Remote DoS Threatens ReQuest Serious Play F3 Media Servers

    Overview: CVE-2021-4465 describes a remote denial-of-service (DoS) vulnerability affecting multiple versions of the ReQuest Serious Play F3 Media Server. An unauthenticated attacker can exploit this vulnerability to shut down or reboot the device by sending a specially crafted HTTP GET request. This effectively interrupts service availability.

    Technical Details: The vulnerability stems from insufficient input validation and/or error handling within the ReQuest Serious Play F3 Media Server’s web interface. By sending a malformed HTTP GET request to a specific endpoint, an attacker can trigger a process crash or system reboot. The lack of authentication allows anyone on the network (or potentially…

  • Cybersecurity Vulnerabilities

    CVE-2018-25125: Critical FTP Buffer Overflow in Netis DL4322D Routers Leads to Denial of Service

    Overview: CVE-2018-25125 describes a buffer overflow vulnerability found in the Netis ADSL Router DL4322D firmware RTK 2.1.1. This flaw resides in the router’s embedded FTP service. By exploiting this vulnerability, an authenticated attacker can trigger a denial-of-service (DoS) condition, effectively rendering the router and its network unavailable.

    Technical Details: The vulnerability stems from insufficient input validation within the FTP service. Specifically, when processing FTP commands, such as ABOR, the service fails to properly limit the length of the arguments passed to these commands. By sending an FTP command with an excessively long argument, an attacker can overflow the buffer allocated…