gwillcox-r7

5 exploits Active since Mar 2020
CVE-2020-10924 METASPLOIT HIGH ruby WORKING POC
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.
CVSS 8.8
CVE-2020-10923 METASPLOIT HIGH ruby WORKING POC
NETGEAR R6700 V1.0.4.84_10.0.58 - Auth Bypass
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.
CVSS 8.8
CVE-2021-42237 METASPLOIT CRITICAL ruby WORKING POC
Sitecore Experience Platform 7.5-8.2 Update-7 - Unauthenticated Remote Code Execution via Insecure Deserialization
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
CVSS 9.8
CVE-2020-28949 METASPLOIT HIGH ruby WORKING POC
Archive_Tar <1.4.10 - Code Injection
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
CVSS 7.8
CVE-2020-0787 METASPLOIT HIGH ruby WORKING POC
Windows BITS - Elevation of Privilege via Symbolic Link Mishandling
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
CVSS 7.8