402 matches found
TP-Link TL-WR802N V4(JP) vulnerable to OS command injection
Overview: TP-Link TL-WR802N is a wifi router for home networks. The firmware version 170705 is reported vulnerable to OS command injection (CWE-78). Impact: Any user who can log in to the web interface of the affected product may execute any OS commands. Solution: Update the Firmware. Update to the late...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc., used to provide reliable and always-on 5G Wi-Fi connectivity. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an operating system command injection vulnerability that can be exploited by...
Git OS Command Injection Vulnerability
Git-it is a free, open-source distributed version control system. Git-it is vulnerable to an OS command injection vulnerability that could be exploited by an attacker to inject OS commands during the "Branches Aren't For Birds" challenge step...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc., used to provide reliable and always-on 5G Wi-Fi connectivity. The Lantronix PremierWave 2050 in version 8.9.0.0R4 is vulnerable to OS command injection, which can be exploited by attackers to execute...
Catalyst IT Mahara OS Command Injection Vulnerability
Catalyst IT Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. Mahara suffers from an operating system command injection vulnerability that can be exploited to conduct cross-site scripting attacks via the...
Exploit for OS Command Injection in Dlink Dir-859_Firmware
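IoT-vulhub is inspired by the Vulhub project and aims to provide an IoT version of a firmware vulnerability reproduction environment. Installation: install docker and docker-compose on Ubuntu 20.04: # Install pip $ curl -s https://bootstrap.pypa.io/get-pip.py | python3 # Install the latest docker $ curl -s https://get.docker.com/ | sh # Start the docker service $ systemctl start docker # Install docker-compose $ python3 -m pip install...
Multiple Altus Sistemas de Automacao Products OS Command Injection Vulnerability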
The Altus Sistemas de Automacao Nexto NX30xx, among others, is an industrial automation device from the Brazilian company Altus Sistemas de Automacao. An operating system command injection vulnerability exists in several Altus Sistemas de Automacao devices. The vulnerability stems from the tcpdum...
VulnCheck KEV: CVE-2021-25298
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
Multiple Cisco Products OS Command Injection Vulnerability
Cisco DNA Spaces is an indoor location services platform from Cisco (United States). An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...
iWT FaceSentry Access Control System OS Command Injection Vulnerability
iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. iWT FaceSentry Access Control System 6.4.8 suffers from an operating system command injection vulnerability that allows authenticated OS command injection using default credentials...
baserCMS OS Command Injection Vulnerability
BaserCMS is an open source enterprise-level content management system (CMS). An OS command injection vulnerability exists in BaserCMS versions prior to 4.4.5. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...
Npm port-killer OS Command Injection Vulnerability
Npm port-killer is an application from Npm. It provides a function to terminate a process running on a given port. An operating system command injection vulnerability exists in Npm port-killer, which uses sub-processes to execute functions without input checking...
react-dev-utils OS Command Injection Vulnerability
Helper create-react-app is an open source application from Helper. It is used to hide code that should not burden the user when popping up. An operating system command injection vulnerability exists in react-dev-utils prior to v11.0.4, which stems from the fact that command injection is possible when th...
Kazi Mehedi docker-web-gui OS Command Injection Vulnerability
Kazi Mehedi docker-web-gui is an open source application from Kazi Mehedi. It provides a simple GUI interface for Docker containers. rakibtg Docker Dashboard suffers from an operating system command injection vulnerability that allows commands to be injected into the backend tool terminal.js via shel...
Nozomi Networks CMC Operating System Command Injection Vulnerability
Nozomi Networks CMC is an application from Nozomi (USA). It provides centralized OT and IoT security management. An operating system command injection vulnerability exists in Nozomi Networks CMC version 20.0.7.3 and prior versions that allows an authenticated administrator to perform...
Infoscience Logstorage and Infoscience ELC Analytics Operating System Command Injection Vulnerability
Infoscience Logstorage and Infoscience ELC Analytics are both products of Infoscience Japan. Infoscience Logstorage is an integrated log management tool. The device collects logs from all company information systems for integrated management. Infoscience ELC Analytics is a server log management too...
TP-Link TL-WR841N V13 (JP) vulnerable to OS command injection
Overview: TP-Link TL-WR841N is a wifi router for home networks. The firmware version 161028 for hardware version V13 (JP) is reported vulnerable to OS command injection (CWE-78). According to the vendor, the firmware for hardware version V14 (JP) is not affected. Koh You Liang of 3-shake Inc. reported...
lookatme OS Command Injection Vulnerability
lookatme is a terminal-based, interactive pypi codebase for markdown presentations for individual developers. An operating system command injection vulnerability exists in lookatme python/pypi package versions prior to 2.3.0, which can be exploited by an attacker to automatically run malicious...
Exploit for OS Command Injection in Gpononu 1Ge_Router_Wifi_Onu_V2801Rw_Firmware
A proof of concept for CVE-2020-8958 written in Python. The scri...
FarSite Communications FarLinX X25 Gateway OS Command Injection Vulnerability
FarSite Communications FarLinX X25 Gateway is a gateway product from FarSite Communications, UK. It features a browser interface, online statistics set, connection logging, active session display and status change alerts. FarSite Communications FarLinX X25 Gateway 2014-09-25 and prior versions of...