Tagged: references

VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default

Vulnerability Note VU#507216
Original Release date: 16 Feb 2016 | Last revised: 16 Feb 2016

Overview
Hirschmann “Classic Platform” switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network.

Description
CWE-257: Storing Passwords in a Recoverable Format
For all Hirschmann (part of Belden) “Classic Platform” switches (which includes the MACH series workgroup switches, among others), by default, the switch administrator password is used to construct an SNMP community string that allows remote management of some switch configuration

VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

Vulnerability Note VU#777024
Original Release date: 03 Feb 2016 | Last revised: 03 Feb 2016

Overview
Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files.

Description
Netgear Management System NMS300 is a configuration, monitoring, and diagnostics utility for managing SNMP networked devices via a web interface

VU#544527: OpenELEC and RasPlex have a hard-coded SSH root password

Vulnerability Note VU#544527
Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016

Overview
OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default.

Description
CWE-259: Use of Hard-coded Password
OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password once installed; furthermore, SSH access is enabled by default

VU#972224: Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries

Vulnerability Note VU#972224
Original Release date: 01 Feb 2016 | Last revised: 01 Feb 2016

Overview
Huawei Mobile WiFi E5151, firmware version 21.141.13.00.1080, and E5186, firmware version V200R001B306D01C00, use insufficiently random values for DNS queries and are vulnerable to DNS spoofing attacks.

Description
CWE-330: Use of Insufficiently Random Values – CVE-2015-8265
Huawei Mobile WiFi E5151 and E5186 routers use static source ports for all DNS queries originating from the local area network (LAN).

VU#992624: Harman AMX multimedia devices contain hard-coded credentials

Vulnerability Note VU#992624
Original Release date: 21 Jan 2016 | Last revised: 21 Jan 2016

Overview
Multiple models of Harman AMX multimedia devices contain a hard-coded debug account.

Description
CWE-798: Use of Hard-coded Credentials – CVE-2015-8362
According to the researchers’ blog post, several models of Harman AMX multimedia devices contain a hard-coded “backdoor” account with administrative permissions.

VU#753264: IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects

Vulnerability Note VU#753264
Original Release date: 07 Jan 2016 | Last revised: 07 Jan 2016

Overview
IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests.

Description
CWE-502: Deserialization of Untrusted Data – CVE-2015-8261
WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements

VU#763576: Amped Wireless R10000 router contains multiple vulnerabilities

Vulnerability Note VU#763576
Original Release date: 10 Dec 2015 | Last revised: 10 Dec 2015

Overview
Amped Wireless R10000 router, firmware version 2.5.2.11, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries.

Description
CWE-255: Credentials Management – CVE-2015-7277
The Amped Wireless R10000 web administration interface uses non-random default credentials of admin:admin. A local area network attacker can gain privileged access to a vulnerable device’s web management interfaces or leverage default credentials in remote attacks such as cross-site request forgery.

VU#403568: Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries

Vulnerability Note VU#403568
Original Release date: 10 Dec 2015 | Last revised: 10 Dec 2015

Overview
Netgear G54/N150 Wireless Router WNR1000v3, firmware version 1.0.2.68 and possibly earlier, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks.

Description
CWE-330: Use of Insufficiently Random Values – CVE-2015-8263
The Netgear G54/N150 Wireless Router WNR1000v3 uses static source ports for all DNS queries originating from the local area network (LAN). An attacker with the ability to spoof DNS responses can cause WNR1000v3 LAN clients to contact incorrect or malicious hosts under the attacker’s control.

VU#646008: Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries

Vulnerability Note VU#646008
Original Release date: 10 Dec 2015 | Last revised: 10 Dec 2015

Overview
Buffalo AirStation Extreme N600 Router WZR-600DHP2, firmware versions 2.09, 2.13, 2.16, and possibly others, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks.

Description
CWE-330: Use of Insufficiently Random Values – CVE-2015-8262
The Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses static source ports and predictable TXIDs that increment from 0x0002 for all DNS queries originating from the local area network (LAN).