zixian

4 exploits Active since Aug 2014
CVE-2018-9092 EXPLOITDB HIGH html WORKING POC
1234n Minicms - CSRF
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
CVSS 8.8
CVE-2014-7281 EXPLOITDB html WORKING POC
Tenda A32 Router 5.07.53_CN - CSRF
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
CVE-2014-5246 EXPLOITDB text WORKING POC
Tenda A5s Firmware - Access Control
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
CVE-2014-7279 EXPLOITDB CRITICAL text WRITEUP
Konke Smart Plug K - Info Disclosure
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
CVSS 9.8