CVE-2024-40521

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admintemplate.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the...

SeaCMS Security Vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 12.9, which stems from the fact that although admintemplate. php imposes certain...

CVE-2024-4944

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged...

The vulnerability of the Node.js software platform, related to errors in processing input data, allows a hacker to execute arbitrary commands.

The vulnerability of the Node.js software platform is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2023-49593

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...

CVE-2023-46685

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted network packets can lead to arbitrary command execution...

CVE-2023-49593

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...

CVE-2023-49593

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...

CVE-2023-46685

CVE-2023-46685 affects LevelOne WBR-6013 (telnetd) with a hard-coded password vulnerability. Talos documents a vulnerability in the telnetd service enabling arbitrary command execution via specially crafted network packets, potentially achieving root access. A PoC exists and shows remote code exe...

CVE-2023-46685

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted network packets can lead to arbitrary command execution...

CVE-2023-49593

CVE-2023-49593 affects LevelOne WBR-6013 wireless router (Boa web server, Realtek SDK) where leftover debug code in the /boafrm/formSysCmd API allows an attacker to execute arbitrary commands via a crafted network request. Talos confirms the vulnerability, including an exploitable path and a PoC,...

CVE-2023-50382

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This comman...

PT-2024-13934 · Realtek · Realtek Rtl819X Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11 Description: Three os command injection vulnerabilities exist in the boa formWsc functionality. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can sen...

Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities

Talos Vulnerability Report TALOS-2023-1899 Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities July 8, 2024 CVE Number CVE-2023-50381,CVE-2023-50383,CVE-2023-50382 SUMMARY Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x...

LevelOne WBR-6013 telnetd hard-coded password vulnerability

Talos Vulnerability Report TALOS-2023-1871 LevelOne WBR-6013 telnetd hard-coded password vulnerability July 8, 2024 CVE Number CVE-2023-46685 SUMMARY A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A set of specially crafted...

LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1873 LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability July 8, 2024 CVE Number CVE-2023-49593 SUMMARY Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network...

CVE-2024-32937

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...

CVE-2024-32937

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...

CVE-2024-32937

An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this...

CVE-2024-32937

Grandstream GXP2135 CWMP SelfDefinedTimeZone OS command injection (CVE-2024-32937) affects GXP2135 devices (firmware 1.0.9.129, 1.0.11.74, 1.0.11.79). The vulnerability stems from an unfiltered TimeZone parameter processed in the CWMP handler (set_selfdefinedtimezone_value) which builds and execu...