itres-labs

2 exploits Active since Mar 2025
CVE-2025-31702 NOMISEC MEDIUM WORKING POC
Dahua embedded products - Privilege Escalation
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.
3 stars
CVSS 6.8
CVE-2025-1868 NOMISEC MEDIUM WORKING POC
Advanced IP Scanner & Advanced Port Scanner - Info Disclosure
Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols.
2 stars
CVSS 6.8