CVE-2020-16148

The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...

Cisco IOS XE SD-WAN Software Authentication Bypass (cisco-sa-auth-b-NzwhJHH7)

According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by a authentication bypass vulnerability. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An unauthenticated, physical attacker can exploit this...

CVE-2020-3236

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

Path traversal

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...

CVE-2020-3236

CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...

CVE-2020-3216

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

Authentication flaw

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...

Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers Privileged EXEC Mode Root Shell Access (cisco-sa-20180328-privesc3)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser due to improperly sanitizing command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with privileged EXEC mode privilege level 15...

Cisco IOS XE Software User EXEC Mode Root Shell Access Multiple Vulnerabilities (cisco-sa-20180328-privesc1)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser due to improper sanitization of command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with user EXEC mode access to an...

F5 Networks BIG-IP : F5 tmsh vulnerability (K40378764)

"Authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell access from within the TMOS Shell tmsh interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp . CVE-2019-6642 Impact...

CVE-2019-6642

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell...

Authentication flaw

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell...

CVE-2019-6642

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell...

CVE-2019-12789

CVE-2019-12789 affects the Actiontec/Telus T2200H devices (T2200H-31.128L.08). By attaching a UART adapter to system-board UART pins and issuing the key sequence Ctrl-, an attacker can obtain a root shell. This permits mounting the filesystem read-write and making permanent modifications, includi...

CVE-2019-9146

CVE-2019-9146 affects Jamf Self Service 10.9.0. A MITM attacker could leverage the feature to publish Bash shell scripts and inject the string "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream, enabling escalation to a root shell. The base metrics indicate hi...

CVE-2019-8313

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...

CVE-2019-8313

An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...

CVE-2018-15371

CVE-2018-15371 affects Cisco IOS XE Software, specifically the shell access request mechanism. The issue is an authentication bypass that could let an authenticated, local attacker request access to the root shell and gain unrestricted root access due to insufficient authentication for certain co...

CVE-2018-15368 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...