  • Cybersecurity Vulnerabilities

    TG8 Firewall Under Attack: Pre-Auth RCE Exposes Devices to Full Compromise (CVE-2021-4470)

    Overview: CVE-2021-4470 details a critical pre-authentication remote code execution (RCE) vulnerability affecting the TG8 Firewall. This flaw allows an unauthenticated attacker to execute arbitrary operating system commands with root privileges on the affected device. The vulnerability resides in the runphpcmd.php endpoint and stems from the lack of input validation on the syscmd POST parameter. Technical Details: The TG8 Firewall’s runphpcmd.php endpoint is intended to execute system commands. However, the syscmd POST parameter, which provides the command to be executed, is passed directly to the underlying system without any validation or sanitization. This allows a remote, unauthenticated attacker to inject malicious…

  • Cybersecurity Vulnerabilities

    Denver SHO-110 IP Camera: A Security Hole Exposing Unauthenticated Snapshots (CVE-2021-4469)

    Overview: CVE-2021-4469 details a significant security vulnerability affecting Denver SHO-110 IP cameras. This flaw allows unauthorized access to image snapshots from the camera feed, potentially compromising the privacy and security of the monitored environment. The vulnerability stems from a secondary HTTP service running on TCP port 8001, which lacks authentication requirements for accessing the ‘/snapshot’ endpoint. Technical Details: The Denver SHO-110 IP camera exposes a secondary HTTP service alongside its primary web interface. While the main web interface requires authentication, the service on port 8001 provides a backdoor. Specifically, the ‘/snapshot’ endpoint on port 8001 can be accessed without any…

  • Cybersecurity Vulnerabilities

    PLANEX CS-QP50F-ING2 Security Flaw: Exposing Credentials via Unsecured Configuration Backups (CVE-2021-4468)

    Overview: This article details a critical vulnerability, identified as CVE-2021-4468, affecting PLANEX CS-QP50F-ING2 smart cameras. The vulnerability allows a remote, unauthenticated attacker to retrieve a compressed configuration backup file from the device due to the lack of authentication on the configuration backup interface accessible over HTTP. This backup file contains sensitive information, including administrative credentials, potentially leading to full device compromise and unauthorized access to the monitored environment. Technical Details: The PLANEX CS-QP50F-ING2 smart camera exposes a configuration backup interface over HTTP. Critically, this interface does not enforce any authentication mechanisms. An attacker can simply craft a request to the…

  • Cybersecurity Vulnerabilities

    CVE-2021-4467: Remote DoS Vulnerability in Positive Technologies MaxPatrol 8 & XSpider

    Overview: CVE-2021-4467 describes a remote denial-of-service (DoS) vulnerability affecting Positive Technologies MaxPatrol 8 and XSpider. This vulnerability resides within the client communication service, specifically on TCP port 2002. An attacker can exploit this flaw by overwhelming the service with connection requests, leading to service disruption. Technical Details: The vulnerability stems from the service’s inadequate handling of incoming connection requests. For each new connection, the service generates a new session identifier. However, there is no proper limitation on the number of concurrent requests it can handle. An unauthenticated remote attacker can exploit this by repeatedly sending HTTPS requests to the service.…

  • Cybersecurity Vulnerabilities

    CVE-2021-4466: Unveiling a Critical Remote Code Execution Vulnerability in IPCop

    Overview: CVE-2021-4466 identifies a critical security vulnerability affecting IPCop versions up to and including 2.1.9. This flaw allows an authenticated attacker to execute arbitrary code remotely on the affected system, potentially leading to full system compromise. The vulnerability resides within the web-based administration interface’s email configuration component. Technical Details: The vulnerability stems from insufficient input sanitization within the email configuration component. Specifically, the application directly incorporates user-controlled values, including the EMAIL_PW parameter, into system-level operations without proper validation. This allows an attacker with valid administrative credentials to inject shell metacharacters into the email password field. By crafting a malicious email…

  • Cybersecurity Vulnerabilities

    CVE-2021-4465: Unauthenticated Remote DoS Threatens ReQuest Serious Play F3 Media Servers

    Overview: CVE-2021-4465 describes a remote denial-of-service (DoS) vulnerability affecting multiple versions of the ReQuest Serious Play F3 Media Server. An unauthenticated attacker can exploit this vulnerability to shut down or reboot the device by sending a specially crafted HTTP GET request. This effectively interrupts service availability. Technical Details: The vulnerability stems from insufficient input validation and/or error handling within the ReQuest Serious Play F3 Media Server’s web interface. By sending a malformed HTTP GET request to a specific endpoint, an attacker can trigger a process crash or system reboot. The lack of authentication allows anyone on the network (or potentially…

  • Cybersecurity Vulnerabilities

    CVE-2018-25125: Critical FTP Buffer Overflow in Netis DL4322D Routers Leads to Denial of Service

    Overview: CVE-2018-25125 describes a buffer overflow vulnerability found in the Netis ADSL Router DL4322D firmware RTK 2.1.1. This flaw resides in the router’s embedded FTP service. By exploiting this vulnerability, an authenticated attacker can trigger a denial-of-service (DoS) condition, effectively rendering the router and its network unavailable. Technical Details: The vulnerability stems from insufficient input validation within the FTP service. Specifically, when processing FTP commands, such as ABOR, the service fails to properly limit the length of the arguments passed to these commands. By sending an FTP command with an excessively long argument, an attacker can overflow the buffer allocated…

  • Cybersecurity Vulnerabilities

    Ubee EVW3226 Cable Modem Nightmare: Unprotected Backups Expose Admin Passwords (CVE-2016-15056)

    Overview: CVE-2016-15056 is a critical vulnerability affecting Ubee EVW3226 cable modem/routers. Firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. Crucially, these backup files remain accessible without authentication until the device is rebooted. This allows a remote attacker on the local network to retrieve the configuration backup and, because it is unencrypted, extract the plaintext admin password, leading to complete device compromise. Technical Details: The vulnerability stems from the improper handling of configuration backups. When a user initiates a backup through the web interface, the Ubee EVW3226 creates…

  • Cybersecurity Vulnerabilities

    CVE-2025-13187: Intelbras ICIP Exposed! Plaintext Credentials Vulnerability

    Overview: CVE-2025-13187 is a medium-severity security vulnerability affecting Intelbras ICIP version 2.0.20. This vulnerability allows for the unprotected storage of user credentials, specifically the username and password. A remote attacker can potentially exploit this flaw to gain unauthorized access to the system. The exploit has been publicly disclosed, making it crucial for users of affected Intelbras ICIP devices to take immediate action to mitigate the risk. Technical Details: The vulnerability exists within the /xml/sistema/acessodeusuario.xml file. By manipulating the NomeUsuario and SenhaAcess arguments, an attacker can cause the system to store user credentials in plaintext, rather than using proper encryption or…

  • Cybersecurity Vulnerabilities

    CVE-2025-13186: Unveiling a Cross-Site Scripting (XSS) Vulnerability in Isshue eCommerce Solution

    Overview: CVE-2025-13186 details a Cross-Site Scripting (XSS) vulnerability found in Bdtask/CodeCanyon’s Isshue Multi Store eCommerce Shopping Cart Solution up to version 4.0. The vulnerability resides within the /dashboard/Ccustomer/manage_customer file, specifically through the manipulation of the Search argument. This allows a remote attacker to inject malicious scripts, potentially impacting users who interact with the affected functionality. The vendor was notified, but did not respond to the disclosure. Technical Details: The vulnerability lies in the inadequate sanitization of user-supplied input passed via the Search parameter within the /dashboard/Ccustomer/manage_customer file. An attacker can inject arbitrary JavaScript code into this parameter, which will then…