Condorlab

NETGEAR – CSRF – Cross Site Request Forgery

Advisory ID RSN-SIP-0032 Vulnerability Information Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for reque...

BROADCOM ACSD – Buffer Overflow

Advisory ID RSN-SIP-00114 Vulnerability Information Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS...

ASUS – Session Hijack

Advisory ID RSN-SIP-0029 Vulnerability Information Session hijack vulnerability in httpd in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Win...

ASUS – XSS – Cross Site Scripting

Advisory ID RSN-SIP-0030 Vulnerability Information Cross-site scripting (XSS) vulnerability in httpd in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allows remote attackers to inject arbitrary JavaScript by requesting filenames longer ...

ASUS – Buffer overflow

Advisory ID RSN-SIP-0031 Vulnerability Information Buffer overflows in networkmap in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multica...

NETGEAR – RCE – Remote Code Execution

Advisory ID RSN-SIP-0033 Vulnerability Information dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field ...

NETGEAR – RCE – Remote Code Execution

Advisory ID RSN-SIP-0034 Vulnerability Information ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of ...

NETGEAR – Change Configuration

Advisory ID RSN-SIP-0036 Vulnerability Information The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded...

NETGEAR – RCE – Remote Code Execution

Advisory ID RSN-SIP-0037 Vulnerability Information The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unau...

ASUS – DOS – Denial Of Service

Advisory ID RSN-SIP-0038 Vulnerability Information An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an 'nmap -O' command that specifies an IP address of an affected device, one can c...