Remote Code Execution

SSD Advisory – Yealink DM Pre Auth ‘root’ level RCE

TL;DR Find out how multiple vulnerabilities in Yealink DM (Device Management) allow an unauthenticated attacker to run arbitrary commands on the server with root privileges. Vulnerability Summary Yealink DM (Device Management) platform – “offers a comprehensive management solution with key features Unified Deployment and Management, Real-Time Monitoring and Alarm, Remote Troubleshooting.” Several vulnerabilities in the …

SSD Advisory – NetMotion Mobility Server Multiple Deserialization of Untrusted Data Lead to RCE

TL;DR Find out how multiple vulnerabilities in NetMotion Mobility Server allow an unauthenticated attacker to run arbitrary code on the server with SYSTEM privileges. Vulnerability Summary NetMotion Mobility is “standards-compliant, client/server-based software that securely extends the enterprise network to the mobile environment. It is mobile VPN software that maximizes mobile field worker productivity by maintaining …

SSD Advisory – Auth Bypass and RCE in Infinite WP Admin Panel

TL;DR Find out how a vulnerability in Infinite WP’s password reset mechanism allows an unauthenticated user to become authenticated and then carry out a Remote Code Execution. Vulnerability Summary InfiniteWP is “free self hosted, multiple WordPress site management solution. It simplifies your WordPress tasks with a click of a button”. A vulnerability in InfiniteWP allows …

SSD Advisory – phpCollab Unauth RCE

TL;DR Find out how a vulnerability in phpCollab allows an unauthenticated user to reach RCE abilities and run code as ‘www-data’. Vulnerability Summary phpCollab is “a project management and collaboration system. Features include: team/client sites, task assignment, document repository/workflow, gantt charts, discussions, calendar, notifications, support requests, weblog newsdesk, invoicing, and many other tools”. A vulnerability …

SSD Advisory – rConfig Unauthenticated RCE

TL;DR Find out how a chain of vulnerabilities in rConfig allows a remote unauthenticated user to gain ‘apache’ user access to the vulnerable rConfig installation. Vulnerability Summary rConfig is “an open source network device configuration management utility that takes frequent configuration snapshots of devices. Open source, and built by Network Architects – We know what …

SSD Advisory – Netgear Nighthawk R8300 upnpd PreAuth RCE

TL;DR Find out how we exploited an unauthenticated Netgear Nighthawk R8300 vulnerability and gained root access to the device. Vulnerability Summary The Nighthawk X8 AC5000 (R8300) router, released in 2014, is a popular device sold by Netgear with almost 2000 positive reviews on Amazon. A vulnerability in the way the R8300 handles UPNP packets allows …

SSD Advisory – TerraMaster OS exportUser.php Remote Code Execution

TL;DR Find out how we exploited an unauthenticated TerraMaster OS vulnerability and gained root access to the device. Vulnerability Summary TerraMaster Operating System (TOS) is an operating system designed for TNAS devices. Invalid parameter checking in TOS leads to an unauthenticated Remote Code Execution vulnerability in the product; further to that, the executed code runs …

SSD Advisory – Mimosa Routers Privilege Escalation and Authentication bypass

TL;DR Find out how we exploited Mimosa Router’s web interface vulnerability and gained root access. Vulnerability Summary Mimosa Networks is the global technology leader in wireless broadband solutions, delivering fiber-fast connectivity to service providers and enterprise, industrial and government operators worldwide. A vulnerability in Mimosa devices/routers leads to an authentication bypass/privilege escalation by executing …

SSD Advisory – MyLittleAdmin PreAuth RCE

TL;DR Find out how we managed to execute arbitrary commands on the MyLittleAdmin management tool using an unauthenticated RCE vulnerability. Vulnerability Summary MyLittleAdmin is a web-based management tool specially designed for MS SQL Server. It fully works with MS SQL Server. While the product appears to be discontinued (no new releases since 2013) it is still being …

SSD Advisory – Horde Groupware Webmail Edition Remote Code Execution

Vulnerability Summary The Horde project comprises several standalone applications and libraries. The Horde Groupware Webmail Edition suite bundles several of them by default; among those, Data is a library used to manage data import/export in several formats, e.g., CSV, iCalendar, vCard, etc. The function in charge of parsing the CSV format uses create_function in a way …
