34 matches found
CVE-2026-4170
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...
CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
CVE-2023-7304 Ruijie RG-UAC nmc_sync.php Command Injection
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
Ruijie RG-UAC Application Management Gateway 安全漏洞
Ruijie RG-UAC Application Management Gateway is an Internet behavior management security gateway from Ruijie. A security vulnerability exists in the Ruijie RG-UAC Application Management Gateway, which is caused by a command injection in the nmcsync.php interface, which could lead to the execution...
VulnCheck KEV: CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmcsync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
CVE-2025-48395
CVE-2025-48395 affects Eaton NMC G2. The issue allows an attacker with authenticated privileged access to modify the contents of a non-sensitive file by traversing a path in the CLI’s limited shell. Root cause: path traversal in the restricted CLI shell. Impact is limited to file contents modific...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center...
PT-2025-36115
Name of the Vulnerable Software and Affected Versions: NMC G2 affected versions not specified Description: An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. Recommendations: At the moment,...
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2021-22813
CVE-2021-22813 is a Cross‑Site Scripting (CWE-79) vulnerability affecting Schneider Electric NMC/NMC2/NMC3 devices across UPS, PDU, and related network cards. A privileged user can trigger arbitrary script execution by clicking a malicious URL referencing an edit policy file. The connected docume...
CVE-2021-22810
Schneider Electric NMC/NMC2/NMC3 devices are affected by CWE-79 Cross-site Scripting. A malicious URL can trigger script execution on privileged accounts when targeting delete policy or similar web pages. Affected products span NMC2/NMC3-based UPS, PDU, and related components (e.g., NMC2 AOS v6.9...
CVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
Schneider Electric Nmc Embedded Devices 跨站脚本漏洞
The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...