Command injection

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...

CVE-2018-14067

CVE-2018-14067 affects Green Packet WiMax DV-360 devices running 2.10.14-g1.0.6.1. The issue is a command injection vulnerability causing unauthenticated remote command execution when a crafted payload is sent to the HTTPS port. The underlying cause cited is that lighttpd listens on all network i...

CVE-2017-9980

In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" aka tagipPing feature within the web interface allows performing command injection, via the "pip" parameter...

CVE-2017-9980

CVE-2017-9980 affects Green Packet DX-350 firmware (example: v2.8.9.5-g1.4.8-atheeb). The web interface’s PING feature (tag_ipPing) can be abused to perform command injection via the pip parameter, enabling arbitrary commands to be executed through the vulnerable web interface. The issue is evide...

CVE-2017-9980

In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" aka tagipPing feature within the web interface allows performing command injection, via the "pip" parameter...