CVE-2022-36267
CVE-2022-36267 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The vulnerability is an unauthenticated remote command injection in the diagnostics.cgi binary (/home/www/cgi-bin/diagnostics.cgi) that accepts unauthenticated, unsanitized data, enabling remote code execution via craft...
Airspan AirSpot 5410 Security Vulnerability
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from the binary component /home/www/cgi-bin/diagnostics.cgi that can receive...
PT-2022-23285
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under. Description: The issue concerns an unauthenticated remote command injection vulnerability. It allows the ping functionality to be called without user authentication by crafting a malicious HTTP...
Synology DiskStation Manager OS Command Injection Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. The operating system manages information such as data, files, photos, music and more. An operating system command injection vulnerability exists in Synology...
Cisco Small Business OS Command Injection Vulnerability
Cisco Small Business is a switch from Cisco USA. An operating system command injection vulnerability exists in the Cisco Small Business RV110W, RV130, RV130W, and RV215W routers, which stems from insufficient authentication of the user field in incoming HTTP packets, and can be exploited by a...
Cisco Small Business OS Command Injection Vulnerability
Cisco Small Business is a switch from Cisco USA. The Cisco Small Business router suffers from an operating system command injection vulnerability that originates from an authenticated, remote attacker utilizing its web-based management interface to insufficiently validate the user field in incomi...
CVE-2022-1703
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands, which potentially leads to a remote command execution vulnerability or denial of service (DoS) attack...
TOTOLINK EX1200T Remote Command Injection Vulnerability
TOTOLINK EX1200T is a wireless signal booster. A remote command injection vulnerability exists in the setDiagnosisCfg function in the lib/cstemodules/system.so file in TOTOLINK EX1200T V4.1.2cu.5215. An attacker can exploit this vulnerability to take control of ipDoamin...
CVE-2020-36529
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely...
Poly EagleEye Director OS Command Injection Vulnerability
Poly EagleEye Director is a conference camera system with automated people tracking capabilities from Poly, Inc. An operating system command injection vulnerability exists in Poly EagleEye Director II version 2.2.1.1, which stems from the presence of multiple authenticated remote command injectio...
CVE-2021-42890
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack...
CVE-2021-42890
CVE-2021-42890 affects TOTOLINK EX1200T V4.1.2cu.5215. The issue is a remote command injection in the NTPSyncWithHost function of the file system.so, enabling an attacker to control hostTime. Several connected sources corroborate a command-injection vulnerability in NTPSyncWithHost; the root caus...
CVE-2021-42888
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack...
CVE-2021-42888
TOTOLINK EX1200T v4.1.2cu.5215 is affected by a remote command injection in the setLanguageCfg function of global.so, allowing control of langType. The PT-2022-11732 advisory confirms the vulnerability and provides mitigations: disable the setLanguageCfg function, restrict access to global.so, an...
CVE-2021-42885
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack...
CVE-2021-42884
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control the deviceName to attack...