810 Firmware
Monthly
Insecure default telnet credentials in UTT HiPER 810 router firmware v1.5.0. Default credentials are publicly known, enabling unauthenticated access to the router management. PoC available.
Command injection in UTT HiPER 810 Firmware version 1.7.4-141218 allows authenticated remote attackers to execute arbitrary commands through manipulation of the policyNames parameter in the /goform/formPdbUpConfig endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with login credentials can achieve code execution with minimal complexity.
810 Firmware versions up to 1.7.4-141218 contains a vulnerability that allows attackers to command injection (CVSS 7.2).
Remote code execution in UTT HiPER 810 Firmware 1.7.4-141218 via command injection in the user administration function allows unauthenticated attackers to execute arbitrary commands over the network. The vulnerability exists in the passwd1 parameter of the /goform/formUser endpoint and has public exploit code available. No patch is currently available from the vendor, who has been unresponsive to disclosure attempts.
UTT HiPER 810 router firmware 1.7.4 has a stack buffer overflow in the /goform/setNat endpoint's strcpy function, enabling remote attackers to execute arbitrary code.
Insecure default telnet credentials in UTT HiPER 810 router firmware v1.5.0. Default credentials are publicly known, enabling unauthenticated access to the router management. PoC available.
Command injection in UTT HiPER 810 Firmware version 1.7.4-141218 allows authenticated remote attackers to execute arbitrary commands through manipulation of the policyNames parameter in the /goform/formPdbUpConfig endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with login credentials can achieve code execution with minimal complexity.
810 Firmware versions up to 1.7.4-141218 contains a vulnerability that allows attackers to command injection (CVSS 7.2).
Remote code execution in UTT HiPER 810 Firmware 1.7.4-141218 via command injection in the user administration function allows unauthenticated attackers to execute arbitrary commands over the network. The vulnerability exists in the passwd1 parameter of the /goform/formUser endpoint and has public exploit code available. No patch is currently available from the vendor, who has been unresponsive to disclosure attempts.
UTT HiPER 810 router firmware 1.7.4 has a stack buffer overflow in the /goform/setNat endpoint's strcpy function, enabling remote attackers to execute arbitrary code.