27 matches found
GenieACS => 1.2.8 - OS Command Injection
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. id: CVE-2021-46704 info:...
CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
EUVD-2025-209276
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
GenieACS has an unauthenticated access vulnerability via the NBI API endpoint
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
GHSA-2H6J-MHCP-9J9H GenieACS has an unauthenticated access vulnerability via the NBI API endpoint
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
Access Control Bypass
Overview: genieacs is a TR-069 Auto Configuration Server (ACS). Affected versions of this package are vulnerable to Access Control Bypass via the NBI API endpoint. An attacker can gain unauthorized access to sensitive functionality or data by sending unauthenticated requests. Remediation: There is ...
Exploit for CVE-2025-56015
CVE-2025-56015 GenieACS RCE...
CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
GenieACS Security Vulnerability
GenieACS is an open-source high-performance automatic configuration server designed for remote management of devices enabled with TR-069. Version 1.2.13 of GenieACS contains a security vulnerability, which stems from unvalidated access to the NBI API endpoint...
CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
CVE-2025-56015
CVE-2025-56015 affects GenieACS 1.2.13, with an unauthenticated access vulnerability in the NBI API endpoint. The connected sources describe a proof‑of‑concept exploit enabling sandbox escape and arbitrary code execution (RCE) via the NBI API, potentially leading to full server compromise. Exploi...
PT-2026-30981
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check...
Exploit for OS Command Injection in Genieacs
OS Command Injection in GenieACS CVE-2021-46704 CVE-2021-46704...
Exploit for OS Command Injection in Genieacs
CVE-2021-46704-POC CVE-2021-46704 GenieACS Command Injection P...
GenieACS OS Command Injection Vulnerability
GenieACS is a high-performance automatic configuration server (ACS) for remote management of TR-069-enabled devices. GenieACS is vulnerable to an OS command injection vulnerability, which stems from inadequate input validation and lack of authorization checks, and can be exploited by attackers to...
OS Command Injection
genieacs is vulnerable to OS command injection. An attacker is able to inject malicious OS commands via the ping host argument of lib/ui/api.ts and lib/ping.ts because it does not escape the argument and does not properly perform an authorization check...
OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check...