Grandstream GXP2135 Operating System Command Injection Vulnerability
The Grandstream GXP2135 is an enterprise-grade color screen IP phone from Grandstream. An operating system command injection vulnerability exists in the Grandstream GXP2135 versions 1.0.9.129, 1.0.11.74, and 1.0.11.79, which originates from specially crafted network packets that can lead to...
The vulnerability of the get_ip_addr_details function (/view/dhcp/dhcpConfig/commit.php) in Ruijie RG-UAC router software allows an attacker to execute arbitrary commands.
The vulnerability of the get_ip_addr_details function (/view/dhcp/dhcpConfig/commit.php) in Ruijie RG-UAC router software exists due to the failure to address special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via th...
TP-LINK ER7206 Command Execution Vulnerability
The TP-LINK ER7206 is a multi-function Gigabit router from China P&L TP-LINK. A command execution vulnerability exists in the TP-Link ER7206 Omada Gigabit VPN Router version 1.4.1 Build 20240117, which stems from the presence of residual debugging code that can be exploited by an attacker to caus...
The vulnerability of the /view/userAuthentication/SSO/commit.php file in the Ruijie RG-UAC router software allows a perpetrator to execute arbitrary commands.
The vulnerability of the /view/userAuthentication/SSO/commit.php file in the Ruijie RG-UAC router microprogramming system exists due to the failure to implement measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the getUnpushedChanges() function in the dependency manager for PHP Composer allows a hacker to execute arbitrary commands.
The vulnerability of the getUnpushedChanges function in the PHP Composer dependency manager is related to the improper elimination of special elements. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using the status, reinstall, and remove commands...
TP-Link Archer AX3000 Security Vulnerability
TP-LINK Archer AX3000 is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-Link Archer AX3000, which stems from the presence of an operating system command injection vulnerability that allows an attacker to execute arbitrary operating system commands by restoring...
CVE-2024-21827
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger...
CVE-2024-21827
CVE-2024-21827 affects Tp-Link ER7206 Omada Gigabit VPN Router (1.4.1 Build 20240117 Rel.57421). The vulnerability resides in the cli_server debug functionality, where a hidden/legacy debug path can be triggered via crafted network requests to achieve arbitrary command execution. Talos details a ...
Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability
Talos Vulnerability Report TALOS-2024-1947: Tp-Link ER7206 Omada Gigabit VPN Router cli_server debug leftover debug code vulnerability. June 25, 2024. CVE Number: CVE-2024-21827. SUMMARY: A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN...
CVE-2024-38903
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands...
PT-2024-28271 · H3C · H3C Magic R230
Name of the Vulnerable Software and Affected Versions: H3C Magic R230 version V100R002 Description: The issue allows attackers to execute arbitrary commands due to the udpserver opening port 9034. Recommendations: For H3C Magic R230 version V100R002, consider restricting access to port 9034 as a...
ASUS Download Master Buffer Overflow Vulnerability
ASUS Download Master is a download program from the Chinese company ASUS. A buffer overflow vulnerability exists in ASUS Download Master. The vulnerability stems from a boundary error when the application handles untrusted input. An attacker could exploit the vulnerability to execute arbitra...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less [CVE-2022-48624]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less, caused by a flaw with omitting shell_quote calls for LESSCLOSE in the close_altfile function in filename.c (CVE-2022-48624). Less is included as a Base OS package used by our...
[SECURITY] [DSA 5715-1] composer security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2024 https://www.debian.org/security/faq -...
Debian dsa-5715 : composer - security update
The remote Debian 11 / 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5715 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected]...
The vulnerability of the Qlik Sense Enterprise data analysis platform, related to insufficient validation of input data, allows a perpetrator to enhance their privileges and execute arbitrary commands on the server.
The vulnerability of the Qlik Sense Enterprise data analysis platform is related to insufficient validation of entered data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands on the server...
CVE-2024-31161
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system...
The vulnerability of the microprogrammed software for Zyxel NAS326 and Zyxel NAS542 lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the microprogrammed software for Zyxel NAS326 and Zyxel NAS542 lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a...