744 matches found

CNNVD
added 2025/05/12 12:00 a.m. · 2 views

Digi Multiple Products Security Vulnerability

Digi PortServer TS and others are products of Digi Corporation. Digi PortServer TS is Digi One SP is an industrial-grade serial device server. Digi One IAP is an industrial automation protocol converter and intelligent serial server designed for PLC and SCADA systems. A security vulnerability exist...

9.4 CVSS · 6.9 AI score · 0.00268 EPSS
Exploits 0 · References 5

OSV
added 2025/03/11 2:15 a.m. · 1 view

CVE-2024-12010

A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17ABPC.5.3C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device...

7.2 CVSS · 5.9 AI score
Exploits 0 · References 1

OSV
added 2025/03/11 2:15 a.m. · 2 views

CVE-2024-12009

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70ACDZ.3.6C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device...

7.2 CVSS · 5.9 AI score · 0.01128 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/03/11 1:29 a.m. · 5 views

CVE-2024-11253

A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50ABOM.8.5C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a...

7.2 CVSS · 7.2 AI score · 0.01128 EPSS
Exploits 0 · References 1

CISA KEV Catalog
added 2025/02/11 12:00 a.m. · 27 views

Zyxel DSL CPE OS Command Injection Vulnerability

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...

8.8 CVSS · 7.8 AI score · 0.2048 EPSS
In wild · Exploits 0

RedhatCVE
added 2025/02/05 10:39 p.m. · 13 views

CVE-2022-36786

DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router...

9.9 CVSS · 6.9 AI score · 0.00867 EPSS
Exploits 0

RedhatCVE
added 2025/02/05 7:30 p.m. · 19 views

CVE-2022-0386

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710...

8.8 CVSS · 7.9 AI score · 0.01154 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 1:35 p.m. · 7 views

CVE-2020-26118

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...

9 CVSS · 7.1 AI score · 0.03761 EPSS
Exploits 0

Positive Technologies
added 2025/01/27 12:00 a.m. · 3 views

PT-2025-2603 · Zyxel · Zyxel Vmg4325-B10A

Name of the Vulnerable Software and Affected Versions: Zyxel VMG4325-B10A firmware version 1.00AAFR.4C0 20170615
Description: A post-authentication command injection issue in the CGI program could allow an authenticated attacker to execute operating system commands on an affected device by sendin...

10 CVSS · 9.8 AI score · 0.2048 EPSS
Exploits 0 · References 28

Cvelist
added 2025/01/09 7:28 a.m. · 10 views

CVE-2024-12806

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file...

0.00617 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/07 12:00 a.m. · 2 views

PT-2025-1952 · Sonicos · Sonicos

Name of the Vulnerable Software and Affected Versions: SonicOS (affected versions not specified)
Description: A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
Recommendations: At the moment,...

7.2 CVSS · 7.5 AI score · 0.00697 EPSS
Exploits 0 · References 8

OSV
added 2024/12/19 9:15 p.m. · 1 view

CVE-2024-12729

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1)...

8.8 CVSS · 5.9 AI score · 0.01292 EPSS
Exploits 0 · References 1

OSV
added 2024/12/03 2:15 a.m. · 3 views

CVE-2024-9200

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable devi...

7.2 CVSS · 5.9 AI score · 0.01112 EPSS
Exploits 0 · References 1

CVE
added 2024/12/03 1:33 a.m. · 57 views

CVE-2024-9200

CVE-2024-9200 describes a post-authentication command injection in the Zyxel VMG4005-B50A diagnostic function via the vulnerable host parameter. A user with administrator privileges can trigger OS commands on the device. Affected firmware: through V5.15(ABQA.2.2)C0. Root cause: lack of input hand...

7.2 CVSS · 7.7 AI score · 0.01112 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/12/03 12:00 a.m. · 3 views

PT-2024-9042 · Zyxel · Zyxel Vmg4005-B50A

Name of the Vulnerable Software and Affected Versions: Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0
Description: The issue is related to a post-authentication command injection vulnerability in the host parameter of the diagnostic function. This vulnerability could allow an...

9 CVSS · 7.7 AI score · 0.01112 EPSS
Exploits 0 · References 9

OSV
added 2024/11/12 2:15 a.m. · 2 views

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by...

6.8 CVSS · 5.9 AI score · 0.0068 EPSS
Exploits 0 · References 1

NVD
added 2024/11/12 2:15 a.m. · 20 views

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by...

6.8 CVSS · 0.0068 EPSS
Exploits 0 · References 1

CNNVD
added 2024/11/12 12:00 a.m. · 3 views

Zyxel GS1900 Security Vulnerability

Zyxel GS1900 is a managed switch from China Hopkins Zyxel. A security vulnerability exists in Zyxel GS1900 V2.80AAHN.1C0 and earlier versions, which stems from the presence of a post-authentication command injection vulnerability that could allow an authenticated attacker with administrator...

6.8 CVSS · 7.5 AI score · 0.0068 EPSS
Exploits 0 · References 1

OSV
added 2024/11/04 3:15 p.m. · 4 views

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

8 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2024/11/04 3:15 p.m. · 2 views

CVE-2024-45890

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to downloadovpn...

8 CVSS · 5.8 AI score
Exploits 0 · References 2