Command injection

An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

Design/Logic Flaw

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...

Command injection

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

Cross site request forgery (csrf)

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

Cross site request forgery (csrf)

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21888

An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

CVE-2021-21883

An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21877

CVE-2021-21877 affects Lantronix PremierWave 2050 Web Manager FsTFtp. The flaw enables OS command injection via authenticated HTTP requests (GET and PUT) that construct and execute system commands using user-supplied parameters. For GET, the vulnerability relies on parameters such as remote and l...

CVE-2021-21877

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...

CVE-2021-21875

A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21875

Lantronix PremierWave 2050 has OS command injection vulnerabilities in its Web Manager SSL Credential Upload feature. CVE-2021-21875 specifically allows authenticated attackers to inject commands via the EC keypasswd parameter, leading to arbitrary code execution with root privileges. The confirm...

CVE-2021-21873

CVE-2021-21873 affects Lantronix PremierWave 2050 Web Manager, where an authenticated HTTP request to the SSL credential upload endpoint can inject commands via the RSA keypasswd parameter. Talos details show multiple OS command injection vulnerabilities in the Web Manager’s SSL/Credentials page,...

CVE-2021-21873

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-21872

An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

PT-2021-7546 · Hirschmann · Hirschmann Bat-C2

Name of the Vulnerable Software and Affected Versions: Hirschmann BAT-C2 affected versions not specified Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. It allows a remote attacker to execute arbitrary code by sending ...

Lantronix PremierWave 2050 操作系统命令注入漏洞

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. Used to provide reliable and always-on 5G Wi-Fi connectivity, the Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an operating system command injection vulnerability that can be exploited by...

PT-2021-14808 · Lantronix · Premierwave 2050 Firmware

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A specially-crafted HTTP request can lead to arbitrary command execution in the keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this issue. The...

The vulnerability of the wifi_country_code_update function in the microprogramming software for surveillance systems from Anker Eufy Homebase allows a intruder to execute arbitrary commands on the operating system.

The vulnerability of the wifiCountryCodeUpdate function in Anker Eufy Homebase software exists because measures are not taken to neutralize the special commands used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands by...

The vulnerability of the web interface and API of the Cisco Application Policy Infrastructure Controller allows a perpetrator to execute arbitrary commands.

The vulnerability of the Cisco Application Policy Infrastructure Controller’s web interface and API exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

Garrett Metal Detectors 路径遍历漏洞

Garrett Metal Detectors is a walk-in metal detector from Garrett U.S.A. Garrett Metal Detectors is vulnerable to a path traversal vulnerability that could be exploited by remote attackers to submit special requests and execute arbitrary commands in the application context...