xfuturesec Co., Ltd

2 exploits. Active since Sep 2017
CVE-2017-14262 NOMISEC HIGH WORKING POC
Samsung SRN-1670D, SRN-1000, SRN-472S, SRN-470D Firmware - Unauthenticated Admin Password Hash Exposure
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data sent to cgi-bin/main-cgi, and log in to the device with that hash in the szUserPasswd parameter.
6 stars
CVSS 8.1
CVE-2017-14263 NOMISEC HIGH WORKING POC
Honeywell Enterprise DVR and MaxPro NVR Firmware - Session Fixation via Guest Account Session ID
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can then log in to the device with the new user account and fully control it.
5 stars
CVSS 8.1