EE 4GEE HH70 Router Vulnerability Disclosure

Update: 26/10/2018 – EE have released a patch that fixes the issue. Users are advised to follow the EE router upgrade process via the web UI.

Hardware Version/Model: 4GEE Router HH70VB-2BE8GB3 (HH70VB)
Vulnerable Software Version: HH70_E1_02.00_19
Patched Software Version: HH70_E1_02.00_21
Vulnerability CVE(s): CVE-2018-10532
Product URL: https://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-router/details


GoodSAM App – CSRF/Stored XSS Chain Full Disclosure

“We take your data protection extremely seriously. We are registered with the Information Commissioners Office (no: ZA094052) and our technology team take the security of our data and servers very seriously.”


Kioptrix 1.1 (Level 2) Writeup


Nmap scan report for 192.168.74.134
Host is up (0.00018s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
631/tcp  open  ipp
3306/tcp open  mysql
