Security
Headlines

Tag

#git

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution

The device exposes an unprotected endpoint that accepts MPFS file system binary image uploads without authentication. The MPFS2 file system module provides a lightweight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. The unauthenticated upload can be exploited to overwrite the flash program memory that holds the web server's main interfaces and to execute arbitrary code.

Zero Science Lab

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS

The transmitter is vulnerable to a denial-of-service (DoS) condition. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

The transmitter is vulnerable to an authentication bypass affecting the Login Cookie. An attacker can set the Login Cookie to any arbitrary value except 'NO' and gain full system access.

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure

The device is vulnerable to a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went.

Alternative video link (for Russia): https://vk.com/video-149273431_456239136

September was quite a busy month for me.

Vulnerability Management courses

I participated in two educational activities. The first one is an on-line cyber security course for […]

Embracing Minimalism: The “Less is More” Approach in UI/UX Design

By Owais Sultan

In user interface (UI) and user experience (UX) design, the principle of “less is more” has emerged as…

This is a post from HackRead.com.

New BEC 3.0 Attack Exploiting Dropbox for Phishing

By Deeba Ahmed

This is an active campaign, with 5,440 attacks detected in the first two weeks of September.

This is a post from HackRead.com.

Chinese Hackers Are Hiding in Routers in the US and Japan

Plus: Stolen US State Department emails, $20 million zero-day flaws, and controversy over the EU’s message-scanning law.