Tag: OS Command Injection

security advisory

SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities

VULNERABILITY DETAILS

1. No access control on the remote shell
2. Shell services running with excessive privileges (superuser)
3. OS Command Injection
4. Insecure Transport

Read on for details and PoC.

security advisory

[ICS] Schneider Electric Building Operation Automation Server Multiple Vulnerabilities

Details of my security report on Schneider Electric Building Operation Automation Server are documented here.

The vulnerability disclosure and handling assistance from the Schneider Electric team was commendable. However, from a security practices point of view, one of the aspects they seem to rely upon is security through obscurity AND blind trust in the device users/administrators, ignoring that both of these are bad concepts to run with.

Read on.

security advisory

[ICS] GEDE UPS SNMP Adapter Vulnerabilities

On a recent pentest, I found a few vulnerabilities in GE Industrial Solutions – UPS SNMP Adapter. Successful exploitation can lead to arbitrary command execution as superuser on the device, and sensitive information leakage.

Read on.

security advisory

PIXORD Vehicle 3G Wi-Fi Router 3GR-431P – Multiple Vulnerabilities

New exploit / advisory posted on Exploit-db & Packetstorm:

https://www.exploit-db.com/exploits/38370/
https://packetstormsecurity.com/files/133834/PIXORD-Vehicle-3G-Wi-Fi-Router-Command-Injection-Information-Disclosure.html

Read on.

security advisory

Netgear Voice Gateway 2.3.0.23_2.3.23 – Multiple Vulnerabilities

New advisory / exploit posted on Exploit-db & Packetstorm:

https://www.exploit-db.com/exploits/38449/
https://packetstormsecurity.com/files/133941/Netgear-Voice-Gateway-2.3.0.23_2.3.23-XSS-Code-Execution.html

Read on.