Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the underlying operating system. For successful abuse, the malicious party must have access to the management interface, or command-line. It is good practice n...

PT-2025-17312

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.6.0 PyTorch ≤2.5.1 Description PyTorch is vulnerable to a Remote Command Execution RCE vulnerability. This flaw exists in versions 2.5.1 and prior, specifically when loading a model using the torch.load function wit...

CVE-2024-10915

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...

PT-2024-7744

Name of the Vulnerable Software and Affected Versions D-Link DNS-320 versions 1.00 through 1.08 D-Link DNS-320LW versions 1.01.0914.2012 and earlier D-Link DNS-325 versions 1.01 through 1.02 D-Link DNS-340L versions 1.08 and earlier Description A critical vulnerability has been found in D-Link DN...

CVE-2024-47463

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47462

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47463 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47463 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47463

CVE-2024-47463 describes an arbitrary file creation vulnerability in Aruba Instant AOS-8 and AOS-10 CLI service that, when exploited by an authenticated user, could lead to remote code execution on the underlying OS. The issue affects the CLI path and is tied to authenticated remote command execu...

CVE-2024-47462 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47462 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47462

CVE-2024-47462 affects Hewlett Packard Enterprise Aruba Instant AOS-8 and AOS-10, describing an arbitrary file creation vulnerability in the CLI that could allow an authenticated remote attacker to create arbitrary files and, per the advisory, lead to remote code execution on the underlying OS. T...

CVE-2024-47461 Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to...

CVE-2023-29120 Unauthorized Remote Command Execution in Enel X Juicebox

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...

CVE-2023-29120 Unauthorized Remote Command Execution in Enel X Juicebox

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...

Hewlett Packard Enterprise ArubaOS 安全漏洞

Hewlett Packard Enterprise ArubaOS HPE ArubaOS is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an arbitrary file creation vulnerability, which can be exploited by an attacker to allow a...

PT-2024-8320 · NetGear · Netgear R8500

Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands by sending a specially...

PT-2024-8272 · NetGear · Netgear R6400 +3

Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128 Description: A command injection vulnerability was discovered in the wlg adv.cgi component of Netgear routers,...

VulnCheck KEV: CVE-2023-28769

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service DoS conditions on a vulnerable device...

Tenda AX2 Pro Operating System Command Injection Vulnerability

Tenda AX2 Pro is a home user designed entry-level Gigabit Wi-Fi 6 router from Tenda China. The Tenda AX2 Pro suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute commands by building a malicious payload...