1086 matches found
The vulnerability in the firmware of Zyxel network devices arises from the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of Zyxel network devices exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
QNX Qconn Command Execution Exploit
This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 x86 and 6.5.0 SP1 x86...
The vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN network devices lies in the lack of measures to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN devices is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2024-6342
UNSUPPORTED WHEN ASSIGNED: A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...
CVE-2024-8517 SPIP Bigup Multipart File Upload OS Command Injection
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...
Vulnerability fixed in Zyxel Access Points and Secure Routers
Zyxel has fixed a vulnerability in several types of Access Points and Secure Routers. The vulnerability is in the way the cgi system processes the 'host' parameter and allows a malicious person to execute OS-level commands. For successful exploitation, the malicious party must have access to the...
CVE-2024-7203
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on a...
CVE-2024-7203
CVE-2024-7203 describes a post-authentication command-injection in Zyxel USG FLEX and ATP firmware (versions V4.60–V5.38). An authenticated administrator could execute OS commands on affected devices by sending crafted CLI input. Reported impact in sources includes potential for arbitrary OS comm...
TOTOLINK X5000r Command Injection Vulnerability
The TOTOLINK X5000r is a wireless router manufactured by TOTOLINK. TOTOLINK X5000r has a command injection vulnerability in version 9.1.0cu.2350b20230313. The vulnerability arises because the setAccessDeviceCfg function within the /cgi-bin/cstecgi.cgi file fails to properly validate or clean up...
Siemens SINEC NMS Elevation of Privilege Vulnerability (CNVD-2024-35426)
SINEC NMS is a new generation network management system for digital enterprises. An elevation of privilege vulnerability exists in Siemens SINEC NMS, which can be exploited by an attacker to execute operating system commands with elevated privileges...
PT-2024-19112 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions 4.x through 5.x. Description: The issue is related to inadequate encryption strength, allowing an authenticated attacker to execute arbitrary OS commands via encrypted package upload. Recommendations: For Envoy versions 4.x...
The vulnerability of SysAid’s software for supporting and controlling hardware and software systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of the software used for supporting and controlling hardware and software systems of SysAid is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
The vulnerability of the lib-src/etags.c file of the EMACS text editor’s etags component allows a hacker to execute arbitrary code.
The vulnerability of the lib-src/etags.c file of the EMACS text editor’s etags component is related to the improper elimination of special elements used in the OS command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the command-line interface (CLI) of the Junos OS Evolved routers from the PTX Series, ACX Series, and QFX Series allows an attacker to elevate their privileges to the root level.
The vulnerability of the command-line interface (CLI) of Junos OS Evolved routers from the PTX Series, ACX Series, and QFX Series exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow attackers to elevate...
PT-2024-25648 · Elecom · Elecom Wireless Lan Routers
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers (affected versions not specified). Description: The issue allows for the unrestricted upload of files with dangerous types in ELECOM wireless LAN routers. A specially crafted file can be uploaded by a logged-in user...
CVE-2022-4002
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request...
CVE-2022-4002
Motorola Q14 Mesh Router firmware vulnerability: a command-injection flaw exists prior to version 1.5.0.16 that could let an authenticated user execute OS commands as root via a crafted API request. The issue affects the Q14 firmware family before the stated fix; exploitation context and in-the-w...
The vulnerability of the software for processing, transforming, and generating documents using Ghostscript arises from the improper neutralization of special elements used in operating system commands. This allows an attacker to execute arbitrary code.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to the introduction of a specially created pipe command. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...