code-byter

2 exploits Active since Dec 2020
CVE-2022-28113 NOMISEC HIGH WORKING POC
FANTEC GmbH MWiD25-DS Firmware <2.000.030 - RCE
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.
3 stars
CVSS 7.2
CVE-2020-29669 NOMISEC HIGH WORKING POC
Macally WIFISD2-2A82 Media and Travel Router 2.000.010 - Privilege Escalation
In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise.
2 stars
CVSS 8.8