6551 matches found
CVE-2026-48694
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable received from argv[1] is directly interpolated into Juniper NETCONF set-configuration commands at...
FastNetMon Security Vulnerability
FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov, based on multiple packet capture engines. Versions of FastNetMon prior to 1.2.9 contain security vulnerabilities. These vulnerabilities stem from the lack of validation or cleaning of IP address variables in the...
PT-2026-43354
Name of the Vulnerable Software and Affected Versions: FastNetMon Community Edition versions prior to 1.3.0. Description: A configuration injection issue exists in the Juniper router integration plugin. In the file src/juniper_plugin/fastnetmon_juniper.php, the variable $IP_ATTACK received from argv[1]...
CVE-2026-48687
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniper_plugin/fastnetmon_juniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...
CVE-2026-48687
CVE-2026-48687 affects FastNetMon Community Edition up to 1.2.9, specifically the Juniper router integration plugin. The OS command injection stems from the PHP file src/juniper_plugin/fastnetmon_juniper.php (log function) which builds shell commands by concatenating unsanitized user data from ar...
CVE-2026-48694
CVE-2026-48694 affects FastNetMon Community Edition up to 1.2.9 via the Juniper router integration plugin. The vulnerability arises because the variable $IP_ATTACK (from argv[1]) is directly interpolated into NETCONF set-configuration commands without validation, allowing an attacker-controlled I...
Juniper Junos OS Vulnerability (JSA96453)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96453 advisory. - A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600,...
Juniper Junos OS Vulnerability (JSA100078)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100078 advisory. - An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading...
Juniper Junos OS Vulnerability (JSA83015)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83015 advisory. - An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sendin...
Juniper Junos OS Multiple Vulnerabilities (JSA88135)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88135 advisory. - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer...
Juniper Junos OS Vulnerability (JSA79091)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA79091 advisory. - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients...
Juniper Junos OS Vulnerability (JSA100057)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100057 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to...
CVE-2026-33787
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis'...
CVE-2026-33784
A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...
CVE-2026-33771
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33797
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly...