Miguel Mendez Z.

4 exploits Active since May 2019
CVE-2020-10181 WRITEUP CRITICAL WORKING POC
Sumavision Enhanced Multimedia Router Firmware - CSRF
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
CVSS 9.8
CVE-2019-17621 METASPLOIT CRITICAL ruby WORKING POC
Dlink Dir-859 Firmware < 1.05b03 - OS Command Injection
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
CVSS 9.8
CVE-2019-5526 EXPLOITDB HIGH text WORKING POC
Vmware Workstation < 15.1.0 - Uncontrolled Search Path
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows host where Workstation is installed.
CVSS 7.8
EIP-2026-100308 EXPLOITDB text WORKING POC
Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)