All Posts

Cisco Smart Software Manager On-Prem (SSM On-Prem) is susceptible to an account takeover vulnerability, which can be exploited by an unauthenticated attacker to gain unauthorized access and control over user accounts, including administrative accounts.

A low-privileged account can escalate to administrator privileges on the FS AP-515 access point by exploiting a misconfiguration in the '/web_config.do' endpoint, which exposes clear-text SSH and TELNET passwords. By retrieving these credentials, attackers can gain unauthorized SSH access and take full control of the device.

An insecure practice of placing the Loki application in a directory writable by all authenticated users can lead to persistence via DLL sideloading. If Loki is installed in such a directory, like 'C:\loki', an attacker could replace a legitimate DLL with a malicious one, giving the attacker persistent access to the affected system.

An authenticated threat actor can exploit a vulnerability in the ZKTeco WDMS due to improper write permissions on the 'django.wsgi' file. This misconfiguration allows the attacker to modify the file and execute arbitrary code with elevated privileges on the server, resulting in persistent access to the affected system.

An attacker can cause disruption of service by sending specially crafted HTTP requests to the sophos captive portal, which can lead to the targeted devices being disconnected from the internet and forced to re-login. This attack can be carried out by an attacker who is within range of the sophos captive portal.