21 matches found
EUVD-2024-19400
Malicious code in bioql PyPI...
EUVD-2024-25201
Malicious code in bioql PyPI...
EUVD-2024-25199
Malicious code in bioql PyPI...
CVE-2024-28026
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
MC LR Router and GoCast unpatched vulnerabilities
Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation of these...
CVE-2024-28025
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-28027
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-28027
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-28025
The CVE covers three OS command injection flaws (CVE-2024-28025, -28026, -28027) in MC Technologies MC LR Router 2.10.5’s web interface I/O configuration. An authenticated HTTP request can craft params btn1, out1, or timer1 to inject commands into a root-level system() call, enabling arbitrary co...
CVE-2024-28026
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-28026
MC Technologies MC LR Router 2.10.5 contains three authenticated OS command injection flaws in the web interface I/O configuration (io) endpoint. The decompiled code shows input from attacker-controlled parameters btn1, out1, and timer1 being unsafely embedded into shell commands executed with ro...
CVE-2024-28027
MC Technologies MC LR Router 2.10.5 exposes three OS command injection flaws in the web interface I/O configuration CGI (/cgi-bin/p/adm/io). An authenticated HTTP request can reach three parameters—btn1 , out1 , and timer1 —where attacker-controlled values are directly passed to system calls, res...
CVE-2024-28026
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
MC Technologies MC LR Router 操作系统命令注入漏洞
MC Technologies MC LR Router is a router from MC Technologies, Germany. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the I/O configuration function of the web interface, which could lead to...
MC Technologies MC LR Router 操作系统命令注入漏洞
MC Technologies MC LR Router is a router from the German company MC Technologies. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the configuration upload function of the web interface and could...
PT-2024-22222 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...
PT-2024-22220 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...
MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2024-1953 MC Technologies MC LR Router web interface I/O configuration OS command injection vulnerabilities November 21, 2024 CVE Number CVE-2024-28027,CVE-2024-28025,CVE-2024-28026 SUMMARY Three OS command injection vulnerabilities exist in the web interface I/O...
PT-2024-22221 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue is related to OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker...