5 matches found
VulnCheck KEV: CVE-2017-14127
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OIFwv7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mntping.cgi...
Command injection
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This ma...
CVE-2019-18396
CVE-2019-18396 affects Technicolor TD5130v2 devices running OI_Fw_V20. A command injection exists in the Ping module of the Web Interface via the pingAddr parameter to mnt_ping.cgi, enabling remote attackers to execute arbitrary OS commands. Public details show an example payload in POST /mnt_pin...
CVE-2017-14127
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OIFwv7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mntping.cgi...
CVE-2017-14127
CVE-2017-14127 is a command-injection vulnerability in the Ping Module of the Technicolor TD5336 TD5336 OI_Fw_v7 device web interface. The issue allows remote attackers to execute arbitrary OS commands as root by injecting shell metacharacters into the pingAddr parameter sent to mnt_ping.cgi. Pub...