Backdoor access to Techboard/Syac devices

2014-07-07 Thread roberto . paleari
[ADVISORY INFORMATION] Title: Backdoor access to Techboard/Syac devices Discovery date: 02/04/2014 Release date: 07/07/2014 Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html Credits:Roberto Paleari (@rpaleari), Luca Giancane (luca.gianc

Weak firmware encryption and predictable WPA key on Sitecom routers

2014-04-24 Thread roberto . paleari
[ADVISORY INFORMATION] Title: Weak firmware encryption and predictable WPA key on Sitecom routers Discovery date: 17/02/2014 Release date: 24/04/2014 Credits:Roberto Paleari (@rpaleari) Alessandro Di Pinto (@adipinto) Advisory URL: http://blog.emaze.net

Multiple vulnerabilities on Sitecom N300/N600 devices

2013-08-19 Thread roberto . paleari
Multiple vulnerabilities on Sitecom N300/N600 devices = [ADVISORY INFORMATION] Title: Multiple vulnerabilities on Sitecom N300/N600 devices Discovery date: 01/06/2013 Release date: 19/08/2013 Credits:Roberto Paleari

Huawei B153 3G/UMTS router WPS weakness

2013-08-05 Thread roberto . paleari
-weakness.html Credits:Roberto Paleari (roberto.pale...@emaze.net, @rpaleari) Alessandro Di Pinto (alessandro.dipi...@emaze.net, @adipinto) [VULNERABILITY INFORMATION] Class: Authentication bypass [AFFECTED PRODUCTS] We confirm the presence of the security

Hard-coded accounts on multiple network cameras

2013-07-11 Thread roberto . paleari
Hard-coded accounts on multiple network cameras === [ADVISORY INFORMATION] Title: Hard-coded accounts on multiple network cameras Discovery date: 05/06/2013 Release date: 11/07/2013 Advisory URL: http://goo.gl/82Rlb Credits:Roberto

Multiple buffer overflows on Huawei SNMPv3 service

2013-05-06 Thread roberto . paleari
Multiple buffer overflows on Huawei SNMPv3 service == [ADVISORY INFORMATION] Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits:Roberto Paleari (roberto.pale

Sitecom WLM-3500 backdoor accounts

2013-04-17 Thread roberto . paleari
Sitecom WLM-3500 backdoor accounts == [ADVISORY INFORMATION] Title: Sitecom WLM-3500 backdoor accounts Discovery date: 24/03/2013 Release date: 16/04/2013 Credits:Roberto Paleari (roberto.pale...@emaze.net, @rpaleari) Advisory URL: http

Weak password encryption on Huawei products

2012-11-13 Thread roberto . paleari
Weak password encryption on Huawei products === [ADVISORY INFORMATION] Title: Weak password encryption on Huawei products Release date: 13/11/2012 Credits:Roberto Paleari, Emaze Networks (roberto.pale...@emaze.net) Ivan

Unauthenticated remote code execution on D-Link ShareCenter products

2012-02-08 Thread roberto . paleari
/2012 Credits:Roberto Paleari, Emaze Networks S.p.A (roberto.pale...@emaze.net) [VULNERABILITY INFORMATION] Class: Authentication bypass, remote code execution [AFFECTED PRODUCTS] We confirm the presence of the security vulnerabilities on the following products/firmware versions

ZOHO ManageEngine ADSelfService Plus Administrative Access

2011-10-11 Thread roberto . paleari
ZOHO ManageEngine ADSelfService Plus Administrative Access == [ADVISORY INFORMATION] Title: ZOHO ManageEngine ADSelfService Plus Administrative Access Release date: 10/10/2011 Last update:10/10/2011 Credits:Roberto

Multiple vulnerabilities in several IP camera products

2011-06-08 Thread roberto . paleari
Multiple vulnerabilities in several IP camera products == [ADVISORY INFORMATION] Title: Multiple vulnerabilities in several IP camera products Release date: 08/06/2011 Last update:08/06/2011 Credits:Roberto Paleari

Linux Kernel 2.6.38 Remote NULL Pointer Dereference

2011-05-16 Thread roberto . paleari
Fattori, Università degli Studi di Milano (joyst...@security.dico.unimi.it) Roberto Paleari, Emaze Networks S.p.A (roberto.pale...@emaze.net) [Vulnerability Information] Class: Remote NULL pointer dereference CVE: [Affected Software] We confirm the presence