Lucene search
K

74 matches found

NVD
NVD
added 2024/11/21 3:15 p.m.32 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS0.10514EPSS
Exploits1References2
OSV
OSV
added 2024/11/21 3:15 p.m.4 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS5.9AI score0.10514EPSS
Exploits1References2
CVE
CVE
added 2024/11/21 2:41 p.m.81 views

CVE-2024-21786

CVE-2024-21786 is an OS command injection vulnerability in MC Technologies MC LR Router 2.10.5. Cisco Talos details show the flaw resides in the web interface configuration upload path (cgi-bin/p/adm/cfg) where the request handling writes the user-supplied filename and derives file_type from the ...

7.2CVSS7.3AI score0.10514EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/21 2:41 p.m.15 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS7.2AI score0.10514EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/21 2:41 p.m.40 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS0.10514EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.4 views

PT-2024-19054 · Unknown · Mc Lr Router

Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: An OS command injection vulnerability exists in the web interface configuration upload functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an...

7.2CVSS9.9AI score0.10514EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/21 12:0 a.m.3 views

MC Technologies MC LR Router 操作系统命令注入漏洞

MC Technologies MC LR Router is a router from the German company MC Technologies. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the configuration upload function of the web interface and could...

7.2CVSS9.8AI score0.10514EPSS
Exploits1References1
Talos
Talos
added 2024/11/21 12:0 a.m.35 views

MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...

7.2CVSS8AI score0.10514EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.6 views

PT-2024-20226 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...

9.8CVSS9.2AI score0.0064EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.5 views

PT-2023-24338 · Supermicro · Supermicro X11

Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions through 3.17.02 Description: The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated...

8.8CVSS8.9AI score0.00959EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.9 views

The vulnerability of the executable file FTSSBackupRestore.exe of the FactoryTalk Policy Manager and FactoryTalk System Services software allows a perpetrator to upload malicious configuration files.

The vulnerability of the executable file FTSSBackupRestore.exe from the manufacturing process management software FactoryTalk Policy Manager and the FactoryTalk System Services system service is related to deficiencies in the authentication process. Exploiting this vulnerability could allow...

5.9CVSS5.8AI score0.00197EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2022/12/01 6:15 p.m.23 views

Command injection

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...

5.8CVSS7.3AI score0.01747EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.5 views

Optilink Network OP-XT71000N 跨站请求伪造漏洞

Optilink Network OP-XT71000N is a wireless router from Optilink Network India. The Optilink Network OP-XT71000N version V2.2 suffers from a cross-site request forgery vulnerability that stems from its inadequate protection of mgmconfigfile.asp allowing an attacker to create a crafted CSRF form to...

8.8CVSS7.7AI score0.00514EPSS
Exploits0References2
NVD
NVD
added 2022/11/02 5:15 p.m.19 views

CVE-2022-3575

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...

9.8CVSS0.0071EPSS
Exploits0References1
OSV
OSV
added 2022/11/02 5:15 p.m.3 views

CVE-2022-3575

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...

9.8CVSS5.8AI score0.0071EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/02 4:15 p.m.20 views

CVE-2022-3575 Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...

9.8CVSS9.8AI score0.0071EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/02 4:15 p.m.3 views

CVE-2022-3575 Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...

9.8CVSS7.3AI score0.0071EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/02 12:0 a.m.6 views

PT-2022-22959 · Frauscher Sensortechnik Gmbh · Fds102

Name of the Vulnerable Software and Affected Versions: Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 versions 2.8.0 through 2.9.1 Description: The issue allows malicious code upload without authentication by using the configuration upload function, which could lead to a complete...

9.8CVSS9.5AI score0.0071EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/02 12:0 a.m.3 views

Frauscher Sensortechnik FDS102 代码问题漏洞

The Frauscher Sensortechnik FDS102 is a diagnostic system device from Frauscher. A code issue vulnerability exists in the Frauscher Sensortechnik FDS102 that originates from uploading malicious code without authentication via the configuration upload function...

9.8CVSS8.5AI score0.0071EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.5 views

PT-2022-16736 · Yubico · Yubikey

Name of the Vulnerable Software and Affected Versions: YubiKey affected versions not specified Description: The issue concerns incorrect access control in the Yubico OTP functionality of the YubiKey hardware tokens and the Yubico OTP validation server. The Yubico OTP is supposed to create...

6.5CVSS6.9AI score0.0098EPSS
Exploits1References7
Rows per page
Query Builder