TOTOLINK A3700R setTracerouteCfg Method Command Injection Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A3700R v9.1.2u.5822B20200513, which stems from the setTracerouteCfg method failing to correctly filter constructed command special characters, commands, and so on...
TOTOLINK A3300R setDmzCfg Method Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the ip parameter of the setDmzCfg method failing to correctly filter constructed command special characters...
TOTOLINK A3700R UploadFirmwareFile Method Command Injection Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A3700R version v9.1.2u.5822B20200513, which stems from the UploadFirmwareFile method failing to correctly filter constructed command special characters,...
TOTOLINK A3700R setOpModeCfg Method Command Injection Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A3700R v9.1.2u.5822B20200513, which stems from the setOpModeCfg method failing to correctly filter constructed command special characters, commands, and so on. An...
TOTOLINK A3300R setTr069Cfg Method Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the pass parameter of the setTr069Cfg method failing to correctly filter constructed command special...
Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.
DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices Shanghai Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...
WordPress plugin Newsletters security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin...
TOTOLINK EX1200T Command Injection Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK EX1200T version V4.1.2cu.5232B20210713, which stems from the main method failing to properly filter constructed command special characters, commands, and so on. An...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-2681)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or...
A vulnerability in the web interfaces of Ivanti Connect Secure and Ivanti Policy Secure control devices allows an attacker to execute arbitrary commands.
The vulnerability in the web interfaces of Ivanti Connect Secure and Ivanti Policy Secure stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...
Remote code execution
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands...
CVE-2023-51066
An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands...
CVE-2024-21887
A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance...
Arbitrary Command Execution
Nginx-UI is vulnerable to arbitrary command execution. The vulnerability is due to improper handling of the startcmd setting. An attacker can exploit this issue by modifying the startcmd setting to execute arbitrary commands...
Tenda AX1803 Command Injection Vulnerability
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A command injection vulnerability exists in Tenda AX1803 v1.0.0.1, which stems from the fromAdvSetLanIp method failing to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited...
PT-2024-13711 · Hongdian · H8951-4G-Esp +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the destination field of the network test...
Information disclosure
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...
CVE-2024-22198
CVE-2024-22198 affects Nginx-UI, a web interface for Nginx config management. The issue allows authenticated remote code execution by abusing configuration settings; the Home > Preference page exposes sensitive settings (Run Mode, Jwt Secret, Node Secret, Terminal Start Command) and can be modified...
CVE-2024-22198 Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Summary: Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. Details: The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. The...