CVE-2025-1036

Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device...

Milesight UR32L 操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L 缓冲区错误漏洞

The Milesight UR32L is a 4G industrial router from China-based Milesight. A security vulnerability exists in the Milesight UR32L version v32.3.0.5, which stems from the use of an insecure sprintf pattern. An attacker could exploit the vulnerability to cause a buffer overflow via a specially craft...

Remote Command Execution Vulnerability in a Process in ZTE's 4G Baseband System

ZTE Microelectronics is committed to providing total solutions for 3G/4G terminals, offering baseband processors, RF, application processors, power supply chips and other products. A remote command execution vulnerability exists in a process of ZTE's 4G baseband system, which allows an attacker t...

Unauthorized Access Vulnerability in Longchamp U9300W, U9507C 4G Modules

LongSun Technology Shanghai Co., Ltd. is a supplier of IoT modules and solutions. An unauthorized access vulnerability exists in the U9300W and U9507C 4G modules of Longchamp Technology. An attacker can exploit the vulnerability to obtain root privileges...