63 matches found
SAMSUNG Retail Mode Security Vulnerability
SAMSUNG Retail Mode is a demo mode application from Samsung South Korea. A security vulnerability exists in SAMSUNG Retail Mode versions prior to 5.59.4, which stems from improper input validation and could allow an attacker to execute privileged commands on an owned device...
Westermo Network Technologies WeOS 5
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative permissions to execute commands that would typically be inaccessible. This could allow the execution of commands with privileges beyond those normally granted to the attacker. 2. RECOMMENDED...
CVE-2024-44540
Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port...
CVE-2022-37893
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x...
Rockwell Automation Verve Asset Manager Security Vulnerability
Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation. A security vulnerability exists in Rockwell Automation Verve Asset Manager version 1.39 and earlier, which stems from insufficient variable cleanup and could allow a privileged...
Hewlett Packard Enterprise ArubaOS Security Vulnerability
Hewlett Packard Enterprise ArubaOS (HPE ArubaOS) is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an authenticated command injection vulnerability that can be successfully exploited to all...
CVE-2025-21596
CVE-2025-21596 concerns Junos OS on SRX1500, SRX4100 and SRX4200. The issue stems from improper handling of exceptional conditions in the CLI when a local, low-privilege attacker executes the command “show chassis environment pem,” which crashes the chassis daemon (chassisd) and restarts it, cre...
Siemens SINEC Security Monitor
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-44540
Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port...
CVE-2024-44540
CVE-2024-44540 affects Ubiquiti AirMax firmware version 8. An attacker with physical access can gain a privileged command shell via the UART Debugging Port, exposing a high-severity risk. Root cause? The UART Debug Port exposure on affected devices. Exploitation details are described in connected P...
CVE-2024-31800
The CVE-2024-31800 entry concerns the GNCC GC2 Indoor Security Camera 1080P. Affected component: the device’s UART Debugging Port enables an authentication bypass, allowing a physically present attacker to obtain a privileged command shell. Documented impact includes high confidentiality, integri...
CVE-2024-31800
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port...
CVE-2024-31800
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port...
CVE-2024-41940
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...
CVE-2024-41940
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges...
CVE-2024-41940
Siemens SINEC NMS (versions prior to 3.0) contains an input validation vulnerability in the privileged command queue. An authenticated attacker could exploit improper input validation to execute OS commands with elevated privileges, effectively compromising the device. Public risk scores indicate...
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems. The VMware Tools authentication bypass vulnerability, tracked as CVE-2023-20867 (CVSS score: 3.9), "enabled the execution of privileged commands...
Aruba Networks InstantOS Command Injection Vulnerability
Aruba Networks InstantOS is an Arch Linux-based distribution from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks InstantOS and ArubaOS 10, which stems from an authenticated command injection vulnerability in the command line interface that can be exploited by an attacker t...
CVE-2023-22758
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...
CVE-2023-22770
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...