badnack

4 exploits Active since Jun 2018
CVE-2017-14948 NOMISEC CRITICAL WRITEUP
Dlink Dir-868l Firmware - Buffer Overflow
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
3 stars
CVSS 9.8
CVE-2018-11560 WRITEUP CRITICAL WRITEUP
Insteon 2864-222 Firmware - Out-of-Bounds Write
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.
CVSS 9.8
CVE-2018-12640 WRITEUP CRITICAL WRITEUP
Insteon HD IP Camera White - Buffer Overflow
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
CVSS 9.8
CVE-2019-17532 WRITEUP HIGH WORKING POC
Belkin Wemo Switch 28b Firmware - Missing Authentication
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.
CVSS 7.5