1614 matches found

NVD
added 2021/07/07 3:15 p.m. · 13 views

CVE-2021-33216

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...

9.8 CVSS · 0.34677 EPSS
Exploits 4 · References 2

Prion
added 2021/07/07 3:15 p.m. · 11 views

Hardcoded credentials

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

10 CVSS · 9.4 AI score · 0.0125 EPSS
Exploits 4 · References 2 · Affected Software 1

Prion
added 2021/07/07 3:15 p.m. · 16 views

Design/Logic Flaw

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...

7.5 CVSS · 9.3 AI score · 0.34677 EPSS
Exploits 4 · References 2 · Affected Software 1

CVE
added 2021/07/07 2:11 p.m. · 82 views

CVE-2021-33218

CVE-2021-33218 affects CommScope Ruckus IoT Controller

10 CVSS · 9.3 AI score · 0.0125 EPSS
Exploits 4 · References 2 · Affected Software 1

Cvelist
added 2021/07/07 2:11 p.m. · 11 views

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

9.7 AI score · 0.0125 EPSS
Exploits 4 · References 2

CVE
added 2021/07/07 2:6 p.m. · 76 views

CVE-2021-33216

CVE-2021-33216 affects CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An undocumented backdoor exists via an upgrade account (vriotiotupgrade) with SSH/SCP access, enabled by an authorized_keys entry and restricted rssh configuration, enabling shell access when the OVA is mounted. Documente...

9.8 CVSS · 9.3 AI score · 0.34677 EPSS
Exploits 4 · References 2 · Affected Software 1

Cvelist
added 2021/07/07 2:6 p.m. · 15 views

CVE-2021-33216

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account...

9.6 AI score · 0.34677 EPSS
Exploits 4 · References 2

Rosalinux
added 2021/07/02 4:35 p.m. · 11 views

Advisory ROSA-SA-2021-1815

Software: cryptsetup 2.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-4484 CVE-Crit: MEDIUM CVE-DESC: Debian initrd script for cryptsetup package 2:1.7.3-2 and earlier allows physically nearby attackers to gain access to the shell through multiple login attempts with an incorrect password. CVE-STATUS:...

7.2 CVSS · 7.4 AI score · 0.00459 EPSS
Exploits 5

OSV
added 2021/06/30 3:15 p.m. · 2 views

CVE-2021-35973

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/minihttpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows th...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 2

CNVD
added 2021/06/29 12:0 a.m. · 5 views

Weidmueller Industrial WLAN devices Access Control Error Vulnerability

Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...

9 CVSS · 7 AI score · 0.00478 EPSS
Exploits 0 · References 1

OSV
added 2021/06/25 7:15 p.m. · 1 views

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

8.8 CVSS · 5.8 AI score · 0.00478 EPSS
Exploits 0 · References 1

NVD
added 2021/06/25 7:15 p.m. · 11 views

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

9 CVSS · 0.00478 EPSS
Exploits 0 · References 1

Cvelist
added 2021/06/25 6:26 p.m. · 14 views

CVE-2021-33538 WEIDMUELLER: WLAN devices affected by improper access control vulnerability

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

8.8 CVSS · 8.9 AI score · 0.00478 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/06/25 12:0 a.m. · 3 views

PT-2021-20185 · Weidmueller · Weidmueller Industrial Wlan

Name of the Vulnerable Software and Affected Versions: Weidmueller Industrial WLAN devices affected versions not specified Description: The issue concerns an improper access control vulnerability in the account settings functionality of the device. Specifically, it affects the iw webs account...

9 CVSS · 8.6 AI score · 0.00478 EPSS
Exploits 0 · References 4

CNNVD
added 2021/06/25 12:0 a.m. · 1 views

Weidmueller Industrial WLAN Security Vulnerability

Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. An access control error vulnerability exists in Weidmueller Industrial WLAN devices, which can be exploited by an attacker to cause remote shell access to the device as this user...

9 CVSS · 5.7 AI score · 0.00478 EPSS
Exploits 0 · References 1

OSV
added 2021/06/24 4:15 p.m. · 1 views

CVE-2020-21786

In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Packet Storm
added 2021/06/23 12:0 a.m. · 626 views

F5 BIG-IQ VE 8.0.0-2923215 Remote Root

F5 BIG-IQ VE v8.0.0-2923215 Post-auth Remote Root RCE CVE-2021-23024 ======= Details ======= It was possible to execute commands with root privileges as an authenticated privileged user via command injection in easy-setup-test-connection. There are two blind command injection bugs in Test DNS...

7.1 AI score · 0.0489 EPSS
Exploits 3

NVD
added 2021/06/03 3:15 p.m. · 10 views

CVE-2021-24023

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...

9 CVSS · 0.00229 EPSS
Exploits 0 · References 1

Prion
added 2021/06/03 3:15 p.m. · 28 views

Input validation

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...

9 CVSS · 8.6 AI score · 0.00229 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/06/03 10:30 a.m. · 16 views

CVE-2021-24023

An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...

7.8 CVSS · 8.9 AI score · 0.00229 EPSS
Exploits 0 · References 1