CVE-2025-1546 BDCOM Behavior Management and Auditing System operate.mds log_operate_clear os command injection

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function logoperateclear of the file /webui/modules/log/operate.mds. The manipulation of the argument startcode leads to os command...

CVE-2025-1546 BDCOM Behavior Management and Auditing System operate.mds log_operate_clear os command injection

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function logoperateclear of the file /webui/modules/log/operate.mds. The manipulation of the argument startcode leads to os command...

CVE-2025-1546

The CVE-2025-1546 entry affects BDCOM Behavior Management and Auditing System (up to 20250210). The vulnerability is in the function log_operate_clear (file /webui/modules/log/operate.mds). Manipulating the start_code argument enables OS command injection, with remote access possible. Public expl...

BDCOM Behavior Management and Auditing System 操作系统命令注入漏洞

BDCOM Behavior Management and Auditing System is a behavior management and auditing system from BDCOM China. An operating system command injection vulnerability exists in BDCOM Behavior Management and Auditing System version 20250210 and prior versions, which stems from a system command injection...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

BDCOM OLT P3310D-2AC 跨站脚本漏洞

The BDCOM OLT P3310D-2AC is a dual power optical path terminal from BDCOM China. A security vulnerability exists in BDCOM OLT P3310D-2AC version 10.1.0F Build 69083. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected with th...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

PT-2023-27069 · Bdcom · Bdcom Olt P3310D-2Ac

Name of the Vulnerable Software and Affected Versions: BDCOM OLT P3310D-2AC version 10.1.0F Build 69083 Description: A cross-site scripting XSS vulnerability in the device web interface, specifically the Log Query page, allows attackers to execute arbitrary web scripts or HTML via a crafted paylo...

CVE-2023-39678

The CVE-2023-39678 entry describes an XSS flaw in the web interface (Log Query page) of the BDCOM OLT P3310D-2AC, firmware 10.1.0F Build 69083. Vulnerable component: the Log Query username parameter; root cause is reflected/stored XSS allowing arbitrary web script/HTML execution. Impact explicitl...

BDCOM 1704-WGL Information Disclosure Vulnerability

The BDCOM 1704-WGL is a router from BDCOM China. An information disclosure vulnerability exists in the BDCOM 1704-WGL version 2.0.6314, which originates from the file /param.file.tgz in the component Backup File Handler, which is not sufficiently protected for sensitive information and can be...

CVE-2023-0659

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

CVE-2023-0659

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

Design/Logic Flaw

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

CVE-2023-0659 BDCOM 1704-WGL Backup File param.file.tgz information disclosure

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

CVE-2023-0659

The CVE-2023-0659 entry documents a critical information disclosure vulnerability in BDCOM 1704-WGL, specifically affecting the Backup File Handler component. The issue concerns an unknown portion of the file /param.file.tgz and is exploitable remotely, leading to leakage of sensitive information...

CVE-2023-0659 BDCOM 1704-WGL Backup File param.file.tgz information disclosure

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

BDCOM 1704-WGL 信息泄露漏洞

The BDCOM 1704-WGL is a router from BDCOM China. An information disclosure vulnerability exists in the BDCOM 1704-WGL version 2.0.6314, which originates from the file /param.file.tgz in the component Backup File Handler, which is not sufficiently protected for sensitive information and can be...