HOTBOX Multiple Vulnerabilities *youtube

2013.11.03
Credit: Oz Elisyan
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

+------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F () st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+ Vulnerabilities List - # Default WPS Pin # Authentication based on IP Address # DoS via crafted POST # Path/Directory Traversal # Script injection via DHCP request # No CSRF Token Demo - http://www.youtube.com/watch?v=CPlT09ZIj48

References:

http://elisyan.com/hotboxDoS.pl
http://www.youtube.com/watch?v=CPlT09ZIj48


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top