CVE-2008-6824
Published 2009-06-04
Priority P357 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 3.57% (87.9th percentile)
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
No detection rules found.
Exploit-DB
A-Link WL54AP3 / WL54AP2 - Cross-Site Request Forgery / Cross-Site Scripting
exploitdb·2008-10-31
CVE-2008-6824 A-Link WL54AP3 / WL54AP2 - Cross-Site Request Forgery / Cross-Site Scripting
---
Louhi Networks Information Security Research
Security Advisory
Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability
Release Date: 2008/10/31
Last Modified: 2008/10/28
Authors: Jussi Vuokko, CISSP [[email protected]]
Henri Lindberg [[email protected]]
Device: A-Link WL54AP3 and WL54AP2 (any firmware)
Severity: CSRF and XSS in management interface
Risk: Moderate
Vendor Status: Vendor has released an updated version
References: http://www.louhinetworks.fi/advisory/alink_081028.txt
Overview:
Quote from http://www.a-link.com/
"WLAN Access point 54MB, 4-port
Wlan Access point, wireless 54Mbps, DSSS, 802.11g-standard based and
it's compatible also with other manufacturers cards."
During an a
Exploit-DB
Microsoft Windows Server - Code Execution (PoC) (MS08-067)
exploitdb·2008-10-23
CVE-2008-4250 Microsoft Windows Server - Code Execution (PoC) (MS08-067)
---
In vstudio command prompt:
mk.bat
next:
attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)
net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc
In some cases, /user:"" "", will suffice (i.e., anonymous connection)
You should get EIP -> 00 78 00 78, a stack overflow (like a guard page
violation), access violation, etc. However, in some cases, you will get
nothing.
This is because it depends on the state of the stack prior to the "overflow".
You need a slash on the stack prior to the input buffer.
So play around a bit, you'll get it working reliably...
poc:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6824.zip (2008-ms08-067.zip)
# milw0rm.co
No writeups or analysis indexed.
http://www.louhinetworks.fi/advisory/alink_081028.txt
http://www.securityfocus.com/archive/1/497997/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/51199
https://www.exploit-db.com/exploits/6899