From ddfc9bb71cf621d7dcdbaf4ad524fb30915ae902 Mon Sep 17 00:00:00 2001 From: Morad Abdelrasheed Mokhtar <48622891+qarqoush@users.noreply.github.com> Date: Sun, 18 Aug 2019 22:20:06 +0200 Subject: [PATCH 1/2] Create CVE-2019-3420.md --- CVE-2019-3420.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 CVE-2019-3420.md diff --git a/CVE-2019-3420.md b/CVE-2019-3420.md new file mode 100644 index 0000000..967c66c --- /dev/null +++ b/CVE-2019-3420.md @@ -0,0 +1,5 @@ +# CVE-2019-3420 +* Report: 18 AUGUST,2019 +* Credit: Morad Abdelrasheed Mokhtar +# PoC +https://github.com/qarqoush/Zata-Router-Takeover From 9c99e38d69809359558ac3a35d792767c9d443c9 Mon Sep 17 00:00:00 2001 From: Morad Abdelrasheed Mokhtar <48622891+qarqoush@users.noreply.github.com> Date: Sun, 18 Aug 2019 22:27:10 +0200 Subject: [PATCH 2/2] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d5933f1..06c0207 100644 --- a/README.md +++ b/README.md @@ -750,7 +750,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CVE-2019-9213](#cve-2019-9213) - [CVE-2019-10038](#cve-2019-10038) - [CVE-2019-11358](#cve-2019-11358) - +- [CVE-2019-3420](#cve-2019-3420) ## Resource ### [CVE-2011-2856](https://github.com/Metnew/uxss-db/tree/master/chrome/CVE-2011-2856) 
@@ -3677,6 +3677,10 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. +### [CVE-2019-3420] + +- No Authorization required for ZTE ZXHN H108N V2.5 in wizard_wlan_t.gch, which allows the hacker to control Wi-Fi Settings. + ## Code of Conduct Please note that this project is released with a [Contributor Code of Conduct](code-of-conduct.md). By participating in this project you agree to abide by its terms.
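Review bot: In the new file CVE-2019-3420.md (hunk `@@ -0,0 +1,5 @@`), the entry never says what the vulnerability is or which product it affects. The only technical detail is a bare PoC URL, so a reader of this file alone cannot tell what the CVE covers. Suggest adding a one-line description matching the README entry (ZTE ZXHN H108N V2.5, missing authorization on wizard_wlan_t.gch) and, if available, a link to the CVE record or vendor advisory. The date line `* Report: 18 AUGUST,2019` would read more cleanly in an unambiguous form such as `2019-08-18`.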
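Review bot: In the README.md table-of-contents hunk (`@@ -750,7 +750,7 @@`), the added `- [CVE-2019-3420](#cve-2019-3420)` line replaces the blank line that separated the list from `## Resource`, so the list now runs straight into the heading. Keep the blank line and add the entry as a new line instead. The neighbouring entries are in ascending order (CVE-2019-9213, CVE-2019-10038, CVE-2019-11358), so CVE-2019-3420 belongs before CVE-2019-9213 rather than at the end.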
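Review bot: In the README.md resource hunk (`@@ -3677,6 +3677,10 @@`), the heading `### [CVE-2019-3420]` has link brackets but no target, unlike the `### [CVE-2011-2856](https://...)` heading style visible earlier in this file, so it will render with literal brackets. Point it at the PoC repository or at the CVE-2019-3420.md file added in patch 1/2, which is otherwise not referenced from the README. The description would also be clearer stated as the missing control and its impact, for example that wizard_wlan_t.gch on ZTE ZXHN H108N V2.5 does not require authorization, letting an unauthenticated user change the Wi-Fi settings. As with the TOC, the section is appended after CVE-2019-11358 instead of being placed in numeric order.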