Use of these names, logos, and brands does not imply endorsement. The affected components are as follows: Only existing targets allowed, i. This could lead to local escalation of privilege with no additional execution privileges needed. Limitations in extensibility and stability of operation are to be expected. Daniel Fernandez Bleda – Severity: If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
|Date Added:||6 March 2016|
|File Size:||14.61 Mb|
|Operating Systems:||Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X|
|Price:||Free* [*Free Registration Required]|
Values in this field link to pages explaining in detail what is unsupported and why, what the consequences are and what you can do about it. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. First contact with the vendor.
Initial vendor notification sent. Also, access control is deficient and does not control access at all. The problem does not seem easy to correct. Access with “admin” privileged permissions to user “user”. Some yg536 in the configuration description options are vulnerable to Cross-Site Scripting attacks due to improper validation:
COMTREND CT/HG+ XSS / Denial Of Service ≈ Packet Storm
It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. The CT is a DoS of the Web Configuration interface although the router continues routing.
In some cases the result applies not only to HTTP and the router needs a reboot, losing the configuration and resetting to default values. Techdata fixed setting for all devices, not to be edited Mandatory usage of types: Discontinued Supported Since Rel: Reset of router configuration.
Credentials are sent in clear text so “user” could get them easily. Consider this when choosing a device to buy, or when deciding to flash OpenWrt on your device because it is listed as supported.
OEM Comtrend homepage Link to manufacturer's device page http:
Techdata: Comtrend HG-536+
All product names, logos, and brands are property of their respective owners.
Vulnerability acquired by Internet Security Auditors April 18, Reported as MSVR All company, product and service names used in this website are for identification purposes only. This means default passwords, open wireless network, etc.
Why has it been changed? Small formfactor wallwart-sized textbox no restrictions, anything is possible. List multiple values comma separated. Founded in the company operates globally.