27 matches found
CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...
CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...
CVE-2025-71284
Synway SMG Gateway Management Software is affected by an OS command injection in the RADIUS configuration endpoint /en/9-2radius.php. The radius_address POST parameter (and related fields) is split and interpolated directly into a sed command without sanitization, enabling an unauthenticated remo...
PT-2026-36128
Name of the Vulnerable Software and Affected Versions Synway SMG Gateway Management Software affected versions not specified Description An OS command injection flaw exists in the RADIUS configuration endpoint '/en/9-2radius.php'. The issue occurs because the radius address POST parameter is spli...
CVE-2023-48428
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...
Siemens SINEC INS Operating System Command Injection Vulnerability
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from an operating system command injectio...
Default configuration
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...
PT-2023-30846 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 2 Description: A vulnerability has been identified in the radius configuration mechanism of SINEC INS, where it does not correctly check uploaded certificates. This could allow a malicious admin to...
Siemens SINEC INS Operating System Command Injection Vulnerability
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from an operating system command injectio...
CVE-2023-43073
Dell SmartFabric Storage Software v1.4 and earlier contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data...
Input validation
Dell SmartFabric Storage Software v1.4 and earlier contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data...
ASUS BMC Firmware Security Feature Issue Vulnerability
ASUS BMC Firmware is a firmware from Asus China. The ASUS BMC Firmware suffers from a security signature issue vulnerability that stems from a buffer overflow vulnerability due to the Radius configuration function not validating the length of a user-entered string. A remote attacker could use thi...
CVE-2021-28195
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...
CVE-2021-28175
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...
Buffer overflow
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...
CVE-2021-28195 ASUS BMC's firmware: buffer overflow - Radius configuration function
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...