HeadlessZeke

5 exploits Active since Nov 2014
CVE-2014-8424 METASPLOIT ruby WORKING POC
ARRIS VAP2500 < 08.41 - Authentication Bypass via Improper Password Validation
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
CVE-2017-17411 METASPLOIT CRITICAL ruby WORKING POC
Linksys WVBR0 < 1.0.41 - Unauthenticated Remote Code Execution via Web Management Portal
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
CVSS 9.8
CVE-2014-8423 METASPLOIT ruby WORKING POC
ARRIS VAP2500 Firmware < 08.41 - Remote Command Execution
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2014-8425 EXPLOITDB ruby WORKING POC
ARRIS VAP2500 Firmware < 08.41 - Unauthenticated Exposure of Sensitive Information via Configuration Files
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
CVE-2017-17411 EXPLOITDB CRITICAL ruby WORKING POC
Linksys WVBR0 < 1.0.41 - Unauthenticated Remote Code Execution via Web Management Portal
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
CVSS 9.8