This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn’t require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
Monthly Archives: May 2015
D-Link Devices UPnP SOAPAction-Header Command Execution
Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
Fedora EPEL 6 Security Update: rubygem-activesupport-2.3.18-6.el6
Resolved Bugs
905374 – CVE-2013-0333 rubygem-activesupport: json to yaml parsing [epel-6]<br
Update to newer version of rubygem-activesupport for CVE-2013-0333
Fedora EPEL 7 Security Update: php-symfony-2.5.12-1.el7
**2.5.12** (2015-05-27)
* security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)