18 matches found
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
CVE-2026-22613
The CVE-2026-22613 entry pertains to Eaton Network M3 firmware upgrades via command shell, where the server identity check during upgrade is insecure, enabling potential MITM. Affected component: firmware upgrade mechanism; root cause: insecure server identity verification in upgrade flow. Impact...
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
Eaton Network M3 安全漏洞
Eaton Network M3 is a security network interface card developed by the American company Eaton. There is a security vulnerability in Eaton Network M3, which stems from the insecure mechanism for server identity checks executed through command shells during firmware updates. This vulnerability may...
PT-2026-7071
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
Eaton NMC G2 安全漏洞
Eaton NMC G2 is a network management card from Eaton Corporation USA. A security vulnerability exists in the Eaton NMC G2 that originates from a privileged attacker being able to modify the contents of non-sensitive files via path traversal in a CLI restricted shell...
Eaton Network-M2 安全漏洞
Eaton Network-M2 is a wireless network card from Eaton Corporation USA. A security vulnerability exists in the Eaton Network-M2 that stems from the inclusion of an improper input validation issue that could lead to command execution...
Eaton Network Shutdown Module 3.21 PHP Code Injection
Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage...
Eaton Network Shutdown Module 3.21 PHP Code Injection
!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection
!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \...
Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability
Eaton Network Shutdown Module is prone to a remote PHP code-execution vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
Eaton Network Shutdown Module Detection
The remote web server is part of Network Shutdown Module, from Eaton Corporation formerly MGE Office Protection Systems. It is used to monitor UPS-protected computers and shut them down gracefully if AC power fails. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid6008...
Eaton Network Shutdown Module view_list.php paneStatusListSortBy Parameter eval() Call Remote PHP Code Execution
The version of the Eaton Network Shutdown Module hosted on the remote web server does not sanitize user input to the 'paneStatusListSortBy' parameter of the 'viewlist.php' script before using it as part of a command to be executed via PHP's 'eval' function. An unauthenticated, remote attacker can...
Eaton Network Shutdown Module Default Administrator Credentials
The remote Eaton Network Shutdown Module install uses a default set of credentials to control access to its administrative functionality. With this information, an attacker can gain complete access to the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Eaton Network Shutdown Module < 3.20 Authentication Bypass / Command Execution
According to its version number, the Network Shutdown Module install on the remote host is earlier than 3.20. It therefore reportedly fails to require authentication before allowing a remote attacker to add custom actions through the 'paneactionbutton.php' script and then execute them via the...