Lucene search

598 matches found

Positive Technologies
added 2023/06/30 12:00 a.m. · 3 views

PT-2023-23917 · Unknown · Wl-Wn531Ax2

Name of the Vulnerable Software and Affected Versions: WL-WN531AX2 firmware versions prior to 2023526 Description: The issue allows an attacker with administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Recommendations: For WL-WN531AX2 firmware versio...

7.2 CVSS · 7.2 AI score · 0.00096 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/06/30 12:00 a.m. · 3 views

PT-2023-23918 · Unknown · Wl-Wn531Ax2

Name of the Vulnerable Software and Affected Versions: WL-WN531AX2 versions prior to 2023526 Description: The issue is related to the improper neutralization of special elements in the firmware, allowing an attacker with administrative privileges to execute OS commands with root privileges...

7.2 CVSS · 7.3 AI score · 0.00096 EPSS
Exploits 0 · References 5

Japan Vulnerability Notes
added 2023/06/27 7:50 a.m. · 3 views

Multiple vulnerabilities in WAVLINK WL-WN531AX2

Overview WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Exposure of resource to wrong sphere CWE-668 - CVE-2023-32613 Improper authentication CWE-287 - CVE-2023-32620 Unrestricted upload of...

8.1 CVSS · 7.5 AI score · 0.00096 EPSS
Exploits 0 · References 14

VulnCheck KEV
added 2023/06/22 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2019-17621

D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local...

10 CVSS · 7.7 AI score · 0.93009 EPSS
Exploits 8 · References 1

Vulnrichment
added 2023/06/20 7:43 p.m. · 8 views

CVE-2023-33869 Enphase Envoy OS Command Injection

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

6.3 CVSS · 7.6 AI score · 0.00181 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/06/20 12:00 a.m. · 5 views

PT-2023-24523 · Enphase · Enphase Envoy

Name of the Vulnerable Software and Affected Versions: Enphase Envoy version D7.0.88 Description: The issue allows an attacker to execute root commands due to a command injection exploit. Recommendations: For Enphase Envoy version D7.0.88, consider disabling or restricting access to the vulnerabl...

9.8 CVSS · 9.8 AI score · 0.00181 EPSS
Exploits 0 · References 3

OSV
added 2023/06/14 9:15 p.m. · 1 view

CVE-2023-31746

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user...

9.8 CVSS · 6 AI score · 0.02051 EPSS
Exploits 0 · References 4

CNNVD
added 2023/06/14 12:00 a.m. · 2 views

Adslr VW2100 command injection vulnerability

The Adslr VW2100 is a router from Flying Fish Star Technology Adslr, Chengdu, China. A security vulnerability exists in the Adslr VW2100 M1DV version 1.0. An attacker exploited the vulnerability to execute system commands as root user...

9.8 CVSS · 8.6 AI score · 0.02051 EPSS
Exploits 0 · References 4

OSV
added 2023/05/22 3:15 p.m. · 2 views

CVE-2023-32347

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...

9.8 CVSS · 7.7 AI score · 0.00593 EPSS
Exploits 0 · References 1

OSV
added 2023/05/18 3:15 a.m. · 0 views

CVE-2023-20183

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

4.3 CVSS · 6.1 AI score · 0.00648 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/05/17 4:00 p.m. · 1 view

CVE-2023-20183

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

5.4 CVSS · 6.1 AI score · 0.00648 EPSS
Exploits 0 · References 2

CNNVD
added 2023/05/12 12:00 a.m. · 2 views

Teltonika Remote Management System authorization issue vulnerability

Teltonika Remote Management System is a Teltonika remote management system for managing Teltonika products. An authorization issue vulnerability exists in Teltonika Remote Management System versions prior to 4.10.0. An attacker could use this vulnerability to execute arbitrary commands as root by...

9.8 CVSS · 9.2 AI score · 0.00593 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/05/11 12:00 a.m. · 2 views

PT-2023-3477 · Wavlink · Wavlink Wl-Wn531Ax2

Name of the Vulnerable Software and Affected Versions: WAVLINK WL-WN531AX2 versions prior to 2023526 Description: The issue is related to client-side enforcement of server-side security, which may allow an attacker with administrative privilege to execute OS commands with the root privilege. This...

7.7 CVSS · 7.6 AI score · 0.00096 EPSS
Exploits 0 · References 7

NVD
added 2023/04/18 4:15 p.m. · 9 views

CVE-2023-28143

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

7 CVSS · 6.8 AI score · 0.00048 EPSS
Exploits 0 · References 1

Prion
added 2023/04/18 4:15 p.m. · 10 views

Privilege escalation

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

3.5 CVSS · 7 AI score · 0.00048 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/04/18 3:54 p.m. · 3 views

CVE-2023-28143 Local Privilege Escalation

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

6.7 CVSS · 7.1 AI score · 0.00048 EPSS
Exploits 0 · References 1

Cvelist
added 2023/04/18 3:54 p.m. · 13 views

CVE-2023-28143 Local Privilege Escalation

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

6.7 CVSS · 7.4 AI score · 0.00048 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/04/05 11:00 p.m. · 1 view

CVE-2023-20117

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...

7.2 CVSS · 7.3 AI score · 0.00351 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2023/04/05 11:00 p.m. · 2 views

CVE-2023-20128

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...

7.2 CVSS · 7.3 AI score · 0.03251 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/04/05 12:00 a.m. · 2 views

PT-2023-3315 · Cisco · Cisco Small Business Rv320 +1

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description: The web-based management interface of the affected devices has insufficient validation of user-supplied input, allowing an...

8.3 CVSS · 7.3 AI score · 0.00351 EPSS
Exploits 0 · References 7