PT-2022-3909 · Robustel · Robustel R1510
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0. Description: The issue is related to command injection vulnerabilities in the functionality of the web server's AJAX endpoints. A specially crafted network packet can lead to arbitrary command execution. An attacker ca...
WAVLINK AERIAL X 1200M OS Command Injection Vulnerability
WAVLINK AERIAL X 1200M, a WiFi extender from WAVLINK China, is vulnerable to command injection in version M79X3.V5030.180719. The flaw stems from a POST request received by adm.cgi being spliced directly into a system function call, which can be exploited by an attacker to exploit this...
PT-2022-20683 · Wavlink · Wavlink Aerial X 1200M
Name of the Vulnerable Software and Affected Versions: WAVLINK AERIAL X 1200M version M79X3.V5030.180719. Description: The issue allows attackers to execute arbitrary commands via a crafted POST request to the adm.cgi endpoint. This is achieved by sending a specifically designed request to the...
LibreNMS Command Injection Vulnerability (CNVD-2022-91160)
LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. LibreNMS v22.3.0 contains a command injection vulnerability that stems from the failure of the serviceip, hostname and serviceparam parameters to properly filter the construct command special...
Arbitrary Command Execution
jmespath is vulnerable to arbitrary command execution. An attacker is able to inject and execute arbitrary commands due to the unsafe usage of JSON.load where JSON.parse is preferable...
The vulnerability in Fortinet FortiAP-S/W2 and FortiAP firmware arises from a failure to neutralize special elements used in an OS command. This allows attackers to execute arbitrary commands.
The vulnerability in Fortinet FortiAP-S/W2 and FortiAP lies in a failure to neutralize special elements used in an OS command. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2022-1804)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pip...
CVE-2022-29735
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request...
TOTOLINK EX1200T OS Command Injection Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK EX1200T V4.1.2cu.5215, which originates from the setNoticeCfg function in the file lib/cstemodules/system, which fails to properly...
gitsome OS Command Injection Vulnerability
npm bbultman gitsome is a small library from npm, USA. It can help make decisions based on the data available in a git repository. A security vulnerability exists in gitsome version 0.2.3, which stems from the fact that an attacker controlling the tagged name of the target git repository may...
The vulnerability in the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices allows a perpetrator to escalate their privileges or execute arbitrary commands.
The vulnerability in the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors. Exploiting this vulnerability can allow an attacker to escalate their privileges or execute arbitrary commands...
Arbitrary command execution in Mindoc
An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file...
GHSA-P5X5-JG3J-2JCJ OS command injection in CryptoMove Plugin
CryptoMove Plugin 0.1.33 and earlier allows the configuration of an OS command to execute as part of its build step configuration. This command will be executed on the Jenkins controller as the OS user account running Jenkins, allowing users with Job/Configure permission to execute an arbitrary OS...
CVE-2018-0493
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...
TotoLink A3100R Command Injection Vulnerability (CNVD-2022-54652)
TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. TotoLink A3100R versions V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to command injection, which originates from the magicid parameter in the uci cloudupdateconfig function failing to properly filter the...
TOTOLINK A3100R Security Vulnerability
TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. TotoLink A3100R versions V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to command injection, which originates from the magicid parameter in the uci cloudupdateconfig function failing to properly filter the...
CVE-2022-1362
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server...
Design/Logic Flaw
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server...
CVE-2022-1362 Cambium Networks cnMaestro OS Command Injection
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server...
CVE-2022-1362
The CVE-2022-1362 issue affects Cambium Networks cnMaestro On-Premises. In a specific route, an attacker can upload a crafted package, allowing user-controlled data to execute arbitrary commands on the server (OS command injection). Impact is execution of code with the server’s privileges. Remedi...