459 matches found
SyroTech SY-GOPON-8OLT-L3 Security Vulnerability
The SyroTech SY-GOPON-8OLT-L3 is an optical line terminal from SyroTech. A security vulnerability exists in SyroTech SY-GOPON-8OLT-L3 version 1.6.0240629 that stems from the presence of an authenticated command injection vulnerability...
ArubaOS Security Vulnerability
ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba, USA. A security vulnerability exists in ArubaOS that stems from the presence of an authenticated command execution vulnerability that could result in runnin...
Kemp LoadMaster Input Validation Error Vulnerability
Kemp LoadMaster is a highly secure application from Kemp. An input validation error vulnerability exists in Kemp LoadMaster that stems from improper input validation, resulting in an authenticated operating system command injection vulnerability...
CVE-2024-44845
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filterstring function...
CVE-2024-44844
CVE-2024-44844 affects DrayTek Vigor3900 v1.5.1.6. An authenticated command injection vulnerability exists in the run_command function through the name parameter, enabling arbitrary commands with low privileges required and no user interaction. Impact is high on confidentiality, integrity, and av...
DrayTek Vigor3900 Security Vulnerability
DrayTek Vigor3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor3900 v1.5.1.6, which is caused by an authenticated command injection vulnerability via the name parameter in the runcommand function...
DrayTek Vigor3900 Security Vulnerability
DrayTek Vigor3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor3900 v1.5.1.6, which originates from an authenticated command injection vulnerability via the value parameter in the filterstring function...
CVE-2024-44844
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the runcommand function...
CVE-2024-37023
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters...
CVE-2024-21881 Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x...
CVE-2024-21881
CVE-2024-21881 affects Envoy 4.x through 5.x. The vulnerability is an Inadequate Encryption Strength issue that allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. Connected documents confirm affected software and the underlying issue, and indicate ther...
mySCADA MyPRO Authenticated Command Injection
class MetasploitModule 'mySCADA MyPRO Authenticated Command Injection CVE-2023-28384', 'Description' = %q Authenticated Command Injection in MyPRO MSFLICENSE, 'Author' = 'Michael Heinzl', Vulnerability discovery & MSF module 'References' = 'URL',...
Hewlett Packard Enterprise EdgeConnect SD-WAN Security Vulnerability
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...
PT-2024-29289 · Hewlett Packard · Hpe Aruba Networking Edgeconnect Sd-Wan
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN gateways affected versions not specified Description: An authenticated command injection issue exists in the Command Line Interface of the affected software. This allows for the execution of arbitrary...
CVE-2024-41661
...
PT-2024-10143 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505 Description: Multiple OS command injection vulnerabilities exist in the set add routing functionality of the internet.cgi script. A specially crafted HTTP request can lead to arbitrary command execution. An...
CVE-2024-4640
CVE-2024-4640 affects MOXA OnCell G3470A-LTE Series, firmware v1.7.7 and earlier. The issue is missing bounds checking on buffer operations, allowing an attacker to write past allocated buffer boundaries, causing a program crash (DoS). Connected sources reiterate a buffer overflow risk but do not...
CVE-2024-4640 OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash...
CVE-2024-4639
CVE-2024-4639 affects MOXA OnCell G3470A-LTE Series firmware v1.7.7 and earlier. The root cause is a lack of neutralized inputs in IPSec configuration, enabling an attacker to modify the intended commands sent to target functions and potentially execute unauthorized commands. Connected sources co...