CVE-2017-6079 – Blind Command Injection in Edgewater Edgemarc Devices
Posted on May 16, 2017Link
During a recent external penetration test, one of the many servers listening on the default HTTP port 80 caught my eye. The web server threw a HTTP Basic Authentication login prompt immediately upon viewing it, which was unique amongst this particular target network. Some time was spent trying to fingerprint the device and nmap did most of the heavy lifting for...Continue reading