9 matches found
CVE-2025-1036
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...
EUVD-2025-36505
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...
EUVD-2025-36504
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...
CVE-2025-1036
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...
CVE-2025-1038
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute sever...
CVE-2025-1038
CVE-2025-1038 affects Hitachi TropOS 4th Gen: the Diagnostics Tools page of the web-based configuration utility fails to properly validate input, enabling an authenticated high-privilege user to inject shell commands. Exploitation can lead to execution of set-uid applications and full root access...
CVE-2025-1038
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute sever...
CVE-2025-1036
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...
CVE-2025-1036
Summary: CVE-2025-1036 describes a command injection in the Logging page of the TropOS 4th Gen web-based configuration utility. An authenticated, low-privileged user with network access to the configuration utility can execute arbitrary OS commands, potentially gaining root SSH access to the devi...