Western Digital MyCloud NAS - Command Injection

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data. id: CVE-2016-10108 info: name: Western Digital MyCloud NAS - Command Injection author: DhiyaneshDk severity: critical...

CVE-2023-0127

A command injection vulnerability in the firmwareupdate command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root...

Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:09) - Unreliable Remote Version Check

Synology Router Manager SRM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

kernel: powerpc/rtas_flash: allow user copy to flash block cache objects

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtasflash: allow user copy to flash block cache objects With hardened usercopy enabled CONFIGHARDENEDUSERCOPY=y, using the /proc/powerpc/rtas/firmwareupdate interface to prepare a system firmware update yields a BUG: kern...

CVE-2023-0127

A command injection vulnerability in the firmwareupdate command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root...

CVE-2023-0127

Affected product: D-Link DWL-2600AP (wireless access point). Vulnerability: Command injection in the firmware_update command exposed via the device’s restricted telnet interface. Root cause: improper handling in firmware_update allows an authenticated user to inject and execute arbitrary commands...