Full Disclosure mailing list archives
HOTBOX Multiple Vulnerabilities
From: Oz <ozelisyan () gmail com>
Date: Fri, 1 Nov 2013 20:00:04 +0200
Hello,

+------------------------------------------------------------------------------+
| HOTBOX is the leading router/modem appliance of                              |
| HOT Cable communication company in Israel.                                   |
| The Appliance is manufactured by SAGEMCOM                                    |
| and carries the model name F@st 3184.                                        |
+------------------------------------------------------------------------------+
| Title: HOTBOX Multiple Vulnerabilities                                       |
+---------------------+--------------------------------------------------------+
| Release Date        | 2013/09/09                                             |
| Researcher          | Oz Elisyan                                             |
+---------------------+--------------------------------------------------------+
| System Affected     | HOTBOX Router/Modem                                    |
| Versions Affected   | 2.1.11, possibly earlier                               |
| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038,                          |
|                     | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218,           |
|                     | CVE-2013-5039                                          |
| Vendor Patched      | N/A                                                    |
| Classification      | 0-day                                                  |
| Exploits            | http://elisyan.com/hotboxDoS.pl,                       |
|                     | http://elisyan.com/hotboxCSRF.html                     |
+---------------------+--------------------------------------------------------+

Vulnerabilities List -

# Default WPS Pin
# Authentication based on IP Address
# DoS via crafted POST
# Path/Directory Traversal
# Script injection via DHCP request
# No CSRF Token

Demo - http://www.youtube.com/watch?v=CPlT09ZIj48

Thanks