Ibad Shah

6 exploits | Active since Sep 2017
CVE-2017-16886 EXPLOITDB HIGH python WORKING POC
FiberHome Mobile WIFI Device - CSRF
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP-based web services to interact with the portal. Unauthorized access to the web services via CSRF can result in an unauthorized change of the portal administrator's username or password.
CVSS 8.8
CVE-2017-16885 EXPLOITDB CRITICAL python WORKING POC
FiberHome LM53Q1 VH519R05C01S38 - Info Disclosure
Improper permissions handling in the portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet usage, changing passwords, etc.) allows remote attackers to access the information without authenticating. The information includes the device version, the firmware ID, the users connected to the device along with their MAC addresses, etc.
CVSS 9.8
EIP-2026-111756 EXPLOITDB python WORKING POC
Restaurant Management System 1.0 - Remote Code Execution
CVE-2017-16953 EXPLOITDB HIGH text WORKING POC
ZTE ZXDSL 831CII - RCE
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
CVSS 7.5
CVE-2017-14147 EXPLOITDB CRITICAL text WORKING POC
FiberHome User End Router AN1020-25 - Info Disclosure
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 that could allow an attacker to restore a router to its factory settings simply by browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Because of improper authentication on this page, the software accepts the request and resets the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password.
CVSS 9.8
CVE-2017-16887 EXPLOITDB CRITICAL python WORKING POC
FiberHome Mobile WIFI Device - Info Disclosure
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP-based web services to interact with the portal. Unauthorized access to the web services can result in disclosure of the WLAN key/password.
CVSS 9.8