18 matches found
EUVD-2017-11308
Malware in sbrugna...
CVE-2022-38094
OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
CVE-2022-35273
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
CVE-2022-38394
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...
CVE-2022-38394
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...
CVE-2022-38094
CVE-2022-38094 is an OS command injection vulnerability in the Telnet function of CentreCOM AR260S V2 firmware prior to Ver. 3.3.7. The issue allows a remote authenticated attacker to execute arbitrary OS commands. Red Hat, NVD, JVN, and other connected records corroborate the condition and impac...
CVE-2022-35273
CVE-2022-35273 describes an OS command injection in the GUI setting page of CentreCOM AR260S V2 firmware prior to Ver.3.3.7. A remote authenticated attacker could execute arbitrary OS commands due to the vulnerable GUI handling. Affected product: CentreCOM AR260S V2; vulnerable component: GUI set...
CVE-2022-35273
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
CVE-2022-34869
Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
PT-2022-4625 · Centrecom · Centrecom Ar260S V2
Name of the Vulnerable Software and Affected Versions: CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 Description: The issue is related to an OS command injection vulnerability in the GUI setting page, allowing a remote authenticated attacker to execute an arbitrary OS command. This...
JVN#45473612: Multiple vulnerabilities in CentreCOM AR260S V2
CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities listed below. OS command injection vulnerability in GUI setting page CWE-78 - CVE-2022-35273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
PT-2022-4623 · Centrecom · Centrecom Ar260S V2
Name of the Vulnerable Software and Affected Versions: CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 Description: The issue is related to an undocumented hidden command that can be executed from the telnet function, allowing a remote authenticated attacker to execute an arbitrary OS...
PT-2022-4624 · Centrecom · Centrecom Ar260S V2
Name of the Vulnerable Software and Affected Versions: CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 Description: The issue is related to the use of hard-coded credentials for the telnet server, allowing a remote unauthenticated attacker to execute an arbitrary OS command. This could...
CVE-2017-2125
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account...
Privilege escalation
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account...
CVE-2017-2125
CVE-2017-2125 describes a privilege escalation in the CentreCOM AR260S V2 router. An attacker who can log into the product as the guests account may obtain administrative privileges, enabling unintended operations. The root cause is a vulnerability in the guest account abuse pathway that allows p...
CentreCOM AR260S V2 vulnerable to privilege escalation
Overview CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Ziv Chang of Trend Micro Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warnin...
JVN#55121369: CentreCOM AR260S V2 vulnerable to privilege escalation
CentreCOM AR260S V2 provided by Allied Telesis K.K. is a wired LAN router. CentreCOM AR260S V2 contains a privilege escalation vulnerability. Impact Unintended operations may be performed with administrative privileges by a user who can log into the product with "guest" account. Solution Apply...