advisory – Pentest Blog

Advisory | NetModule Router Software Race Condition Leads to Remote Code Execution

August 9, 2023August 21, 2023 Nuri Çilengir Leave a comment

Introduction

NetModule Router Software (NRSW) is a Linux-based software solution developed by NetModule for managing data connections across various devices. It applies to a various devices, including stationary and mobile routers, gateways, and IoT devices. NRSW provides consistent configuration processes and functions across all NetModule devices. It includes security features and supports over-the-air updates. NetModule also provides free updates and support for NRSW, contributing to its overall functionality and efficiency in network operations.

Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137

July 26, 2022July 26, 2022 Nuri Çilengir Leave a comment

Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or just need a convenient interface for managing all services in one place.

Advisory Information

Remotely Exploitable: Yes
Authentication Required: No
Vendor URL: roxy-wi.org
CVSSv3.1 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
Date of found: 10.06.2022

Advisory | GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution

July 8, 2022July 11, 2022 Nuri Çilengir Leave a comment

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

LiderAhenk 0day – All your PARDUS Clients Belongs To Me (CVE-2021-3825)

September 21, 2021September 23, 2021 Mehmet Ince Leave a comment

LiderAhenk is an open source software system that enables centralized management, monitoring and control of systems and users on the corporate network.

In this blog post, you will see how bad it can get when you have a critical security vulnerability on your centralized client management system.

Pardus 21 Linux Distro – Remote Code Execution 0day 2021 CVE-2021-3806

September 13, 2021September 21, 2021 Mehmet Ince Leave a comment

A couple of days ago, I came up with news that Pardus will organize a report-bug contest. I love to contribute to open-source projects. So that was a pretty good chance to revisit one of my old friends, Pardus, and uncover security and/or privacy issues.