Stephen Shkardoon

4 exploits, active since Apr 2018
CVE-2018-10577 EXPLOITDB HIGH ruby WORKING POC
WatchGuard AP100-AP200/AP300 <1.2.9.15/<2.0.0.10 - RCE
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any user authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.
CVSS 8.8
CVE-2018-10576 EXPLOITDB HIGH ruby WORKING POC
WatchGuard AP100-AP200 <1.2.9.15 - Auth Bypass
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
CVSS 7.8
CVE-2018-10575 EXPLOITDB CRITICAL ruby WORKING POC
WatchGuard AP100-AP200 <1.2.9.15 - Info Disclosure
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.
CVSS 9.8
CVE-2018-20220 EXPLOITDB HIGH text WRITEUP
Teracue ENC-400 <2.56 - Info Disclosure
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
CVSS 7.5