Vulnerabilities > CVE-2014-8384 - Unspecified vulnerability in Infocus In3128Hd Firmware 0.26
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/131661/CORE-2015-0008.txt |
| id | PACKETSTORM:131661 |
| last seen | 2016-12-05 |
| published | 2015-04-28 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/131661/InFocus-IN3128HD-Projector-Missing-Authentication.html |
| title | InFocus IN3128HD Projector Missing Authentication |
References
- http://packetstormsecurity.com/files/131661/InFocus-IN3128HD-Projector-Missing-Authentication.html
- http://packetstormsecurity.com/files/131661/InFocus-IN3128HD-Projector-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2015/Apr/88
- http://seclists.org/fulldisclosure/2015/Apr/88
- http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities
- http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities