Linksys WAG54G2 Web Management Console Local Arbitrary Shell Command Injection Vulnerability

2009-06-01 Thread michal . sajdak
1. Linksys WAG54G2 router is a popular SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. When logged into web management console, it is possible to execute commands as root (tested on firmware: V1.00.10). 3. PoC: GET

ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability

2009-06-01 Thread michal . sajdak
1. ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an *unauthenticated* maintenance script (named 'script') in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS

HP LaserJet Pro printers remote admin password extraction

2013-08-05 Thread michal . sajdak
firmwares released 31.07.2013 issues summary published by vendor 02.08.2013 disclosure -- Michal Sajdak, Securitum