Karn Ganeshen

54 exploits Active since Feb 2010
CVE-2016-2296 METASPLOIT CRITICAL ruby WORKING POC
Meteocontrol Web'log Basic 100 - Security Feature Bypass
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVSS 9.4
CVE-2016-0861 EXPLOITDB HIGH text WORKING POC
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
CVSS 8.8
CVE-2015-8283 EXPLOITDB MEDIUM text WORKING POC
SeaWell Networks Spectrum SDC <2.05.00 - Path Traversal
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
CVSS 6.5
CVE-2015-8282 EXPLOITDB CRITICAL text WORKING POC
SeaWell Networks Spectrum SDC <2.05.00 - Info Disclosure
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
CVSS 9.8
CVE-2015-7258 EXPLOITDB HIGH text WRITEUP
ZTE Zxv10 W300 Firmware - Credentials Management
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
CVSS 8.8
CVE-2015-7257 EXPLOITDB HIGH text WRITEUP
ZTE Zxv10 W300 Firmware - Password Reset Weakness
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
CVSS 7.5
CVE-2015-7252 EXPLOITDB MEDIUM text WRITEUP
ZTE ZXHN H108N R1A Firmware < ZTE.bhs.ZXHNH108NR1A.k_PE - Cross-Site Scripting via errorpage Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
CVSS 6.1
CVE-2015-7251 EXPLOITDB CRITICAL text WRITEUP
ZTE ZXHN H108N R1A Firmware < ZTE.bhs.ZXHNH108NR1A.k_PE - Unauthenticated Hardcoded Root Password
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVSS 9.8
CVE-2015-7250 EXPLOITDB HIGH text WRITEUP
ZTE ZXHN H108N R1A Firmware < ZTE.bhs.ZXHNH108NR1A.k_PE - Unauthenticated Path Traversal via getpage Parameter
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVSS 7.5
CVE-2015-7249 EXPLOITDB MEDIUM text WRITEUP
ZTE ZXHN H108N R1A < ZTE.bhs.ZXHNH108NR1A.k_PE - Authenticated Access Control Bypass
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
CVSS 4.9
CVE-2015-7248 EXPLOITDB HIGH text WRITEUP
ZTE ZXHN H108N R1A < ZTE.bhs.ZXHNH108NR1A.k_PE - Sensitive Info Exposure via cgi-bin/webproc
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
CVSS 7.5
CVE-2015-7246 EXPLOITDB CRITICAL text WRITEUP
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Use of Hard-coded Credentials
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
CVSS 9.8
CVE-2015-7245 EXPLOITDB HIGH text WRITEUP
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Path Traversal via Errorpage Parameter
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
CVSS 7.5
CVE-2017-5259 METASPLOIT HIGH ruby WORKING POC
Cambium Networks cnPilot <4.3.2-R4 - Privilege Escalation
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
CVSS 8.8
CVE-2017-5261 METASPLOIT HIGH ruby WORKING POC
Cambium Networks cnPilot <4.3.2-R4 - Path Traversal
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
CVSS 8.8
CVE-2017-5146 METASPLOIT HIGH ruby WORKING POC
Carlo Gavazzi VMU-C <A11_U05/A17 - Info Disclosure
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
CVSS 7.5
CVE-2017-5162 METASPLOIT CRITICAL ruby WORKING POC
BINOM3 Universal Multifunctional Electric Power Quality Meter Firmware - Unauthenticated Remote Access to Configuration
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.
CVSS 9.8
CVE-2017-5255 METASPLOIT HIGH ruby WORKING POC
Cambium Networks ePMP <3.5 - Command Injection
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.
CVSS 8.8
CVE-2017-5255 METASPLOIT HIGH ruby WORKING POC
Cambium Networks ePMP <3.5 - Command Injection
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.
CVSS 8.8
CVE-2017-5260 METASPLOIT HIGH ruby SCANNER
Cambium Networks cnPilot <4.3.2-R4 - Info Disclosure
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
CVSS 8.8
CVE-2017-6048 METASPLOIT HIGH ruby WORKING POC
Satel Iberia SenNet Data Logger and Electricity Meters - Command Injection
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system.
CVSS 8.8
CVE-2017-7922 METASPLOIT HIGH ruby WORKING POC
Cambium Networks ePMP - Improper Privilege Management via SNMP Community Strings
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.
CVSS 7.6
CVE-2017-5254 METASPLOIT HIGH ruby WORKING POC
Cambium Networks ePMP <3.5 - Privilege Escalation
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
CVSS 8.8
CVE-2017-5262 METASPLOIT HIGH ruby WORKING POC
Cambium Networks cnPilot <4.3.2-R4 - Info Disclosure
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
CVSS 8.0
CVE-2016-2298 METASPLOIT CRITICAL ruby WORKING POC
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited - Exposure of Sensitive Information
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
CVSS 9.8