January 25, 2024 - Exodus Intelligence

D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-13d90c2b

The D-Link DAP-1650 contains a command injection vulnerability in the gena.cgi module when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

Exodus Intelligence: EIP-13d90c2b
MITRE: CVE-2024-23624

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The affected product is end-of-life and no patches are available.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10266

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: December 14, 2021
Vendor response to disclosure: January 27, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-5a0f4b12

The D-Link DAP-1650 contains a command injection vulnerability in the ‘Callback’ parameter when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.

Vulnerability Identifier

Exodus Intelligence: EIP-5a0f4b12
MITRE: CVE-2024-23625

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The affected product is end-of-life and no patches are available.
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10266

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: December 14, 2021
Vendor response to disclosure: January 27, 2022
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-552c9116

A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-552c9116
MITRE: CVE-2024-23626

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

Motorola MR2600 ‘SaveStaticRouteIPv6Params’ Command Injection Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-ea3ab824

A command injection vulnerability exists in the ‘SaveStaticRouteIPv6Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-ea3ab824
MITRE: CVE-2024-23628

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

Motorola MR2600 ‘SaveStaticRouteIPv4Params’ Command Injection Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-f4472693

A command injection vulnerability exists in the ‘SaveStaticRouteIPv4Params’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-f4472693
MITRE: CVE-2024-23627

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

Motorola MR2600 Authentication Bypass Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-73ad9c0b

An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.

Vulnerability Identifier

Exodus Intelligence: EIP-73ad9c0b
MITRE: CVE-2024-23629

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:N
CVSSv2 Score: 7.8

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

Motorola MR2600 Arbitrary Firmware Upload Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-d52674b0

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.

Vulnerability Identifier

Exodus Intelligence: EIP-d52674b0
MITRE: CVE-2024-23630

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 7.7

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to Vendor: April 29, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-7777417a

An arbitrary command execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.

Vulnerability Identifier

Exodus Intelligence: EIP-7777417a
MITRE: CVE-2024-23618

Vulnerability Metrics

CVSSv2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 8.3

Vendor References

The vendor has applied fixes in newer revisions of the firmware.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: June 17, 2021
Vendor response to disclosure: June 21, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

IBM Merge Healthcare eFilm Workstation Hardcoded Credentials

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-ec3c5a9d

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-ec3c5a9d
MITRE: CVE-2024-23619

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 10.0

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: July 30, 2021
Vendor response to disclosure: August 23, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

January 25, 2024January 25, 2024 by Exodus Advisories

EIP-96bd11d3

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Vulnerability Identifier

Exodus Intelligence: EIP-96bd11d3
MITRE: CVE-2024-23621

Vulnerability Metrics

CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSSv2 Score: 10.0

Vendor References

The affected product is end-of-life and no patches are available.

Discovery Credit

Exodus Intelligence

Disclosure Timeline

Disclosed to vendor: July 30, 2021
Vendor response to disclosure: August 23, 2021
Disclosed to public: January 25, 2024

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected]

EIP-13d90c2b

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-5a0f4b12

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-552c9116

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-ea3ab824

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-f4472693

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-73ad9c0b

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-d52674b0

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-7777417a

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-ec3c5a9d

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

EIP-96bd11d3

Vulnerability Metrics

Vendor References

Discovery Credit

Disclosure Timeline

Further Information

Intelligence

Support

Company