
1614 matches found

CNNVD
added 2023/06/06 12:0 a.m. · 2 views

Netgear Router Command Injection Vulnerability

NETGEAR is a router from the American company NETGEAR, a hardware device that connects two or more networks and acts as a gateway between them. A security vulnerability exists in Netgear Router that stems from the presence of a command injection vulnerability. An attacker can exploit this...

8.8 CVSS · 8.1 AI score · 0.11172 EPSS
Exploits: 1 · References: 3
OSV
added 2023/05/23 1:15 a.m. · 3 views

CVE-2023-31741

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wlssid, wlant, wlrate, WLattenctl, ttcpnum, ttcpsize in the httpd's StartEPI function,...

7.2 CVSS · 7.1 AI score · 0.09076 EPSS
Exploits: 1 · References: 2
OSV
added 2023/05/23 1:15 a.m. · 3 views

CVE-2023-31740

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WLattenbb, WLattenradio, and WLattenctl in the apply.cgi interface, thereby gaining shell...

7.2 CVSS · 5.8 AI score · 0.09076 EPSS
Exploits: 1 · References: 2
ATTACKERKB
added 2023/05/23 1:15 a.m. · 2 views

CVE-2023-31740

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WLattenbb, WLattenradio, and WLattenctl in the apply.cgi interface, thereby gaining shell...

7.2 CVSS · 5.8 AI score · 0.09076 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2023/05/23 1:15 a.m. · 2 views

CVE-2023-31741

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wlssid, wlant, wlrate, WLattenctl, ttcpnum, ttcpsize in the httpd's StartEPI function,...

7.2 CVSS · 5.8 AI score · 0.09076 EPSS
Exploits: 1 · References: 3
Exploit DB
added 2023/05/23 12:0 a.m. · 325 views

PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE; Date: 13 May 2023; Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader; Vendor Homepage: https://www.papercut.com/; Version: 8.0 or later; Tested on: 22.0.4; CVE: CVE-2023-27350; import requests import argparse Grouppayload =...

9.8 CVSS · 9.8 AI score · 0.94257 EPSS
Exploits: 24
Positive Technologies
added 2023/05/23 12:0 a.m. · 3 views

PT-2023-23441 · Linksys · Linksys E2000

Name of the Vulnerable Software and Affected Versions: Linksys E2000 router version 1.0.06 Description: The issue is related to a command injection vulnerability. If an attacker gains web management privileges, they can inject commands into the post request parameters WL atten bb, WL atten radio,...

7.2 CVSS · 7.7 AI score · 0.09076 EPSS
Exploits: 1 · References: 5
CNNVD
added 2023/05/23 12:0 a.m. · 2 views

Linksys E2000 Command Injection Vulnerability

The Linksys E2000 is a wireless router from Linksys USA. The Linksys E2000 1.0.06 firmware version suffers from a command injection vulnerability that stems from the fact that if an attacker gains web administrative privileges, he/she can inject commands into the post request parameters wlssid,...

7.2 CVSS · 7.9 AI score · 0.09076 EPSS
Exploits: 1 · References: 3
OSV
added 2023/05/22 5:15 p.m. · 1 views

CVE-2023-31742

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wlant, wlrate, WLattenctl, ttcpnum, ttcpsize in the httpd's StartEPI function,...

7.2 CVSS · 5.8 AI score · 0.73813 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2023/05/22 12:0 a.m. · 12 views

CVE-2023-31742

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wlant, wlrate, WLattenctl, ttcpnum, ttcpsize in the httpd's StartEPI function,...

7.4 AI score · 0.73813 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/05/22 12:0 a.m. · 2 views

PT-2023-3102 · NetGear · Netgear R6250

Name of the Vulnerable Software and Affected Versions: Netgear R6250 router with Firmware Version 1.0.4.48 Description: The issue is related to a command injection vulnerability. It is associated with a lack of input data sanitization measures. If an attacker gains web management privileges, they...

9.8 CVSS · 8.8 AI score · 0.16305 EPSS
Exploits: 1 · References: 7
Positive Technologies
added 2023/05/05 12:0 a.m. · 2 views

PT-2023-22519 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7100RU version 7.4cu.2313 B20191024 Description: The issue is a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. Recommendations: For TOTOLINK A7100RU version...

9.8 CVSS · 9.5 AI score · 0.03584 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2023/05/05 12:0 a.m. · 10 views

CVE-2023-30054

TOTOLINK A7100RU V7.4cu.2313B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload...

9.8 AI score · 0.03584 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2023/04/19 12:0 a.m. · 4 views

PT-2023-2547 · Cisco · Cisco Staros

Name of the Vulnerable Software and Affected Versions: Cisco StarOS Software affected versions not specified Description: The issue arises from insufficient validation of user-supplied credentials in the key-based SSH authentication feature. This could allow a remote attacker to elevate privilege...

9 CVSS · 8.7 AI score · 0.00334 EPSS
Exploits: 0 · References: 4
NVD
added 2023/04/17 10:15 p.m. · 11 views

CVE-2023-28966

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an...

7.8 CVSS · 7.6 AI score · 0.00031 EPSS
Exploits: 0 · References: 1
OSV
added 2023/04/17 10:15 p.m. · 1 views

CVE-2023-28966

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an...

7.8 CVSS · 7.2 AI score
Exploits: 0 · References: 1
Prion
added 2023/04/17 10:15 p.m. · 11 views

Design/Logic Flaw

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an...

4.3 CVSS · 7.5 AI score · 0.00031 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/17 12:0 a.m. · 12 views

CVE-2023-28966 Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an...

7.8 CVSS · 7.8 AI score · 0.00031 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/03/23 12:0 a.m. · 1 views

Tailscale Security Vulnerability

Tailscale is an open source WireGuard-based application from Tailscale that can provide a secure private network for a team of any size. A security vulnerability exists in Tailscale versions prior to 1.38.2 that stems from allowing commands to be run using a privilege group ID higher than the privilege...

8 CVSS · 6.9 AI score · 0.00183 EPSS
Exploits: 0 · References: 5
Malwarebytes
added 2023/03/10 2:15 p.m. · 15 views

Malware targeting SonicWall devices could survive firmware updates

Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...

0.5 AI score
Exploits: 0