Type of bugs we have found!
çWeb management console
¼Auth bypass [link] [link]
¼XSS - reflected and persistent! [link]
¼CSRF - most devices are affected
¼Privilege escalation [link] [link]
¼Call jacking (new type of attack): hijacking VoIP calls via HTTP with creativity [link] [link]
çSNMP
¼Password leaks via SNMP read access
¼Came up with new type of attack: SNMP injection
çUPnP (SOAP XML)
¼UPnP doesn’t use passwords by design
¼Forging interesting requests. i.e.: ‘setDNSServer’
¼Onion routers via abused ‘NewInternalClient’ calls
¼Can be forged either with XSS+ XMLHttpRequest() or Flash’s navigateToURL()
¼Predictable default WEP/WPA algorithms [link]
ç