Google ChromeOS 安全漏洞

Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from debug shell accessibility, which can be exploited by an attacker to access restricted system functions and data via elevation of...

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

CVE-2025-26412 Undocumented Root Shell Access in SIMCom SIM7600G Modem

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

CVE-2025-26412 Undocumented Root Shell Access in SIMCom SIM7600G Modem

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

CVE-2025-26412

Summary: CVE-2025-26412 affects the SIMCom SIM7600G modem. The issue is an undocumented AT command that allows an attacker to execute system commands with root privileges on the modem. The attack requires either physical access or a remote shell that can issue AT commands to the device. The root ...

Exploit for Command Injection in Google Android

unisoc-su A method for CVE-2025-31710https://nvd.nist.gov/v...

Cisco Integrated Management Controller 安全漏洞

Cisco Integrated Management Controller IMC is a suite of software from Cisco USA for the management of UCS Unified Computing System. The software supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down, and rebooting servers. A security vulnerability exists in...

CVE-2024-28353

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smbadminname in the apply.cgi interface, thereby gaining root shell privileges...

CVE-2024-22239

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access...

CVE-2024-48459

A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. Jixiang Tenda v.DI7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and...

CVE-2023-31741

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wlssid, wlant, wlrate, WLattenctl, ttcpnum, ttcpsize in the httpd s StartEPI function,...

CVE-2023-48965

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...

CVE-2023-33530

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges...

CVE-2023-27197

PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability...

CVE-2023-33532

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges...

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-40297

UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated...

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

D-Link DI-8100 Command Injection Vulnerability

The D-Link DI-8100 is a broadband router from D-Link designed for small to medium sized network environments. A command injection vulnerability exists in the D-Link DI-8100. The vulnerability stems from the logic code's lax input filtering, which can be exploited by an attacker to gain highest...

CVE-2022-32412

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell...