Category Archives: Advisories

BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password…

Read More

Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized
e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server
component…

Read More

BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AutoSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1008. Third party adversaries
who can reach an infected host can issue various commands made available by…

Read More

BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials

Read Time:19 Second

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Armageddon.r
Vulnerability: Hardcoded Cleartext Credentials
Description: The malware listens on TCP port 5859 and requires
authentication. The password “KOrUPtIzEre” is stored in cleartext within
the PE file at…

Read More

Multilaser Router – Access Control Bypass through Cookie Manipulation – CVE-2023-38946

Read Time:16 Second

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence – Security Advisory –
CVE-2023-38946]=======

Access Control Bypass in Multilaser router’s Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1….

Read More

Multilaser Router – Access Control Bypass through URL Manipulation – CVE-2023-38945

Read Time:16 Second

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence – Security Advisory –
CVE-2023-38945]=======

Access Control Bypass in Multilaser routers’ Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1….

Read More

Multilaser Router – Access Control Bypass through Header Manipulation – CVE-2023-38944

Read Time:16 Second

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence – Security Advisory –
CVE-2023-38944]=======

Access Control Bypass in Multilaser routers’ Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1….

Read More