Improper access control
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...
CVE-2022-26019
The CVE-2022-26019 issue affects pfSense CE/Plus: pfSense CE before 2.6.0 and pfSense Plus before 22.01. The root cause is improper access control that lets a remote attacker with privilege to modify NTP GPS settings rewrite files on the filesystem, potentially enabling arbitrary command executio...
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...
PT-2022-15756
Name of the Vulnerable Software and Affected Versions: Netcommunity OG410X and OG810X series versions 2.28 and earlier. Description: The issue allows an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. Recommendations: For Netcommunity OG410X an...
CVE-2021-33523
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController...
The vulnerability of the command-line interface of StarOS systems allows attackers to execute arbitrary commands and increase their privileges.
The vulnerability of the command-line interface of StarOS systems is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...
The vulnerability in the implementation of the oal_setIp6DefaultRoute() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software allows an attacker to execute arbitrary commands.
The vulnerability in the implementation of the oal_setIp6DefaultRoute() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software lies in the failure to properly handle special elements when processing the ifName argument. Exploiting this vulnerability allows an attacker to...
CVE-2021-44127
In DLink DAP-1360 F1 firmware version =v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized...
Design/Logic Flaw
In DLink DAP-1360 F1 firmware version =v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized...
NETGEAR R8500 Operating System Command Injection Vulnerability
The NETGEAR R8500 is a wireless router from the American company Netgear. A security vulnerability exists in the NETGEAR R8500, which can be exploited by an attacker to execute arbitrary commands such as telnetd...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33113)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /goform/WriteFacMac fails to properly filter special characters, commands, etc. when constructing a command. An attacker could use this vulnerability to cause...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33116)
Tenda M3 is an access controller from Tenda, China. Tenda M3 is vulnerable to command injection because the component /goform/setWorkmode fails to properly filter special characters, commands, etc. when constructing a command. An attacker could use this vulnerability to cause arbitrary...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33118)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /goform/SetLanInfo fails to properly filter special characters, commands, etc. when constructing a command, which can be exploited by attackers to cause arbitrary comma...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33115)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /cgi-bin/uploadAccessCodePic fails to properly filter special characters, commands, etc. when constructing a command, which can be exploited by attackers to cau...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33122)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 has a command injection vulnerability because the component /goform/exeCommand fails to properly filter special characters, commands, etc. when constructing a command, which can be exploited by attackers to cause...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33117)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /goform/setPicListItem fails to properly filter special characters, commands, etc. when constructing a command, which can be exploited by attackers to cause arbitrary...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33120)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /goform/setFixTools fails to properly filter special characters, commands, etc. when constructing a command, which can be exploited by attackers to cause arbitrary...
Tenda M3 Command Injection Vulnerability (CNVD-2022-33114)
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /cgi-bin/uploadWeiXinPic fails to properly filter special characters, commands, etc. when constructing a command. An attacker could use this vulnerabili...
ASUS RT-AC68U and RT-AC5300 Command Injection Vulnerability
The ASUS RT-AC68U and ASUS RT-AC5300 are both routers from the Chinese company ASUS. A command injection vulnerability exists in the ASUS RT-AC68U prior to version 3.0.0.4.385.20633 and RT-AC5300 prior to version 3.0.0.4.384.82072, which stems from a failure to properly validate data boundaries...