LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1873 LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability July 8, 2024 CVE Number CVE-2023-49593 SUMMARY Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network...

VulnCheck KEV: CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

CVE-2023-30404

Aigital Wireless-N Repeater MiniRouter v0.131229 was discovered to contain a remote code execution RCE vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request...

Aigital Wireless-N Repeater Mini_Router 安全漏洞

Aigital Wireless-N Repeater Mini-Router is a wireless router repeater from Aigital. A security vulnerability exists in Aigital Wireless-N Repeater MiniRouter version v0.131229, which stems from the discovery of a Remote Code Execution RCE vulnerability via the sysCmd parameter in the formSysCmd...

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

Command injection

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root...

PT-2023-18890 · Korenix · Korenix Jetwave 4200 Series +1

Name of the Vulnerable Software and Affected Versions: Korenix Jetwave 4200 Series version 1.3.0 Korenix JetWave 3000 Series version 1.6.0 Description: The issue allows for Command Injection via the "/goform/formSysCmd" API endpoint. An attacker can modify the sysCmd parameter to execute commands...

VulnCheck KEV: CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

CVE-2015-9551

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

NEC Aterm WG1200HP OS Command Injection Vulnerability (CNVD-2019-01098)

The NEC Aterm WG1200HP is a wireless router from Nippon Electric NEC. An operating system command injection vulnerability exists in the NEC Aterm WG1200HP with firmware version 1.0.31 and earlier. The vulnerability can be exploited to execute arbitrary operating system commands with the...

CVE-2018-0625

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter...

CVE-2018-20057

An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter...

PT-2018-3890 · D Link · D-Link Dir-605L +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-619L version 2.06B1 D-Link DIR-605L version 2.12B1 Description: An issue was discovered in the /bin/boa component of D-Link DIR-619L and DIR-605L devices. The goform/formSysCmd endpoint allows remote authenticated users to execute...