
341 matches found

CNNVD
added 2024/10/15 12:0 a.m. · 3 views

Helmholz REX100 Access Control Error Vulnerability

The Helmholz REX100 is a wireless router from Helmholz. An access control error vulnerability exists in Helmholz REX100 versions prior to 2.3.1, which stems from a lack of authentication and allows an unauthenticated, remote attacker to execute operating system commands via UDP on the device...

9.8 CVSS · 9.5 AI score · 0.01543 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/10/14 12:0 a.m. · 5 views

PT-2024-6816 · Moxa · Moxa Nat-102 Oncell G4302-Lte4 +5

Name of the Vulnerable Software and Affected Versions: Moxa EDR-8010 versions affected versions not specified Moxa EDR-G9004 versions affected versions not specified Moxa EDR-G9010 versions affected versions not specified Moxa EDR-G1002-BP versions affected versions not specified Moxa NAT-102...

9.7 CVSS · 7.8 AI score · 0.00504 EPSS
Exploits 0 · References 20
Positive Technologies
added 2024/10/09 12:0 a.m. · 4 views

PT-2024-7780

Name of the Vulnerable Software and Affected Versions Junos Space version 24.1R1 Description A Command Injection issue in Juniper Networks Junos Space allows an unauthenticated, network-based attacker to execute arbitrary shell commands on the Junos Space Appliance by sending a specially crafted...

7.5 CVSS · 6.2 AI score · 0.01289 EPSS
Exploits 0 · References 6
ATTACKERKB
added 2024/10/02 12:0 a.m. · 144 views

CVE-2024-45519

The postjournal service in Zimbra Collaboration ZCS before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. Recent assessments: ccondon-r7 at October 02, 2024 7:58pm UTC reported: This is one of a list o...

10 CVSS · 10 AI score · 0.99976 EPSS
In wild · Exploits 45 · References 7
CNNVD
added 2024/09/18 12:0 a.m. · 3 views

Chaosblade Security Vulnerability

Chaosblade is an open source experimental injection tool from ChaosBlade Open Source. A security vulnerability exists in Chaosblade versions 0.3 through 1.7.3, which stems from allowing the execution of operating system commands via the cmd parameter without authentication when using server mode...

8.6 CVSS · 7.4 AI score · 0.01602 EPSS
Exploits 0 · References 3
VulnCheck KEV
added 2024/08/13 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-34257

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges...

9.8 CVSS · 6.1 AI score · 0.03848 EPSS
Exploits 1 · References 1
VulnCheck KEV
added 2024/08/06 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when the register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the...

10 CVSS · 6.1 AI score · 0.94378 EPSS
Exploits 4 · References 1
VulnCheck KEV
added 2024/06/28 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-23692

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...

9.8 CVSS · 5.9 AI score · 0.99485 EPSS
Exploits 20 · References 1
VulnCheck KEV
added 2024/06/22 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2023-41109

SmartNode SN200 aka SN200 3.21.2-23021 allows unauthenticated OS Command Injection...

9.8 CVSS · 5.8 AI score · 0.64113 EPSS
Exploits 3 · References 1
NVD
added 2024/05/27 8:15 a.m. · 12 views

CVE-2024-5035

The affected device exposes a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, a remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...

8.8 CVSS · 7.6 AI score · 0.03244 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/05/27 7:22 a.m. · 23 views

CVE-2024-5035 TP-Link Archer C5400X - RFTest Unauthenticated Command Injection

The affected device exposes a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, a remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...

8.8 CVSS · 7.9 AI score · 0.03244 EPSS
Exploits 0 · References 2
CNNVD
added 2024/05/27 12:0 a.m. · 2 views

TP-LINK Archer C4500X Security Vulnerability

The TP-LINK Archer C4500X is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK Archer C4500X that stems from the rftest web service being vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890, which can be exploited by a...

8.8 CVSS · 8.4 AI score · 0.03244 EPSS
Exploits 0 · References 3
CNNVD
added 2024/05/14 12:0 a.m. · 4 views

Aruba Networks ArubaOS and InstantOS Security Vulnerability

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc. Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. Aruba Networks InstantOS is an Arch Linux-based distribution...

9.8 CVSS · 7.5 AI score · 0.01582 EPSS
Exploits 0 · References 5
Packet Storm
added 2024/04/29 12:0 a.m. · 401 views

Kemp LoadMaster Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kemp LoadMaster Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...

10 CVSS · 7.4 AI score · 0.95388 EPSS
Exploits 9
Metasploit
added 2024/04/27 7:54 p.m. · 253 views

Kemp LoadMaster Unauthenticated Command Injection

This module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF and 7.2.48.10 LTS. Module Options msf use...

10 CVSS · 8.7 AI score · 0.95388 EPSS
Exploits 9
Positive Technologies
added 2024/04/02 12:0 a.m. · 7 views

PT-2024-2561 · Vmware · Vmware Sd-Wan Edge

Name of the Vulnerable Software and Affected Versions: VMware SD-WAN Edge affected versions not specified Description: The issue is related to an unauthenticated command injection vulnerability in the VMware SD-WAN Edge, potentially leading to remote code execution. A malicious actor with local...

7.4 CVSS · 8.2 AI score · 0.00411 EPSS
Exploits 0 · References 12
CNNVD
added 2024/03/22 12:0 a.m. · 2 views

KDDI HGW BL1500HM Security Vulnerability

The KDDI HGW BL1500HM is a home router from KDDI Japan. A security vulnerability exists in KDDI HGW BL1500HM 002.001.013 and earlier versions that originated from allowing an unauthenticated attacker to execute arbitrary commands...

8.8 CVSS · 8.8 AI score · 0.0062 EPSS
Exploits 0 · References 4
Rapid7 Blog
added 2024/02/13 4:0 p.m. · 4 views

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numero...

8.3 CVSS · 6.9 AI score · 0.89157 EPSS
Exploits 4
Rapid7 Blog
added 2024/02/13 4:0 p.m. · 75 views

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for numero...

4.3 CVSS · 8.5 AI score · 0.89157 EPSS
Exploits 4
VulnCheck KEV
added 2023/12/31 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2018-17532

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...

10 CVSS · 7.7 AI score · 0.71328 EPSS
Exploits 3 · References 1