Gonzalo Garcia Leon - Security Researcher - Exploit Intelligence Platform

CVE-2018-6407 NOMISEC HIGH WORKING POC

Conceptronic CIPCAMPTIWL V3 0.61.30.21 - Unauthenticated Denial of Service via Large POST Request to devices.cgi

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.

8 stars

CVSS 7.5

View Code

CVE-2018-6407 WRITEUP HIGH WORKING POC

Conceptronic CIPCAMPTIWL V3 0.61.30.21 - Unauthenticated Denial of Service via Large POST Request to devices.cgi

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.

CVSS 7.5

View Code

CVE-2018-6408 WRITEUP HIGH WORKING POC

Conceptronic CIPCAMPTIWL V3 0.61.30.21 - Cross-Site Request Forgery in hy-cgi/user.cgi

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account.

CVSS 8.8

View Code