9814 matches found
Cambium Networks cnMaestro OS Command Injection Vulnerability (CNVD-2022-64235)
Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability that can be exploited by an attacker to gain root privileges...
Vulnerability fixed in Zyxel ATP, USG and VPN products
Zyxel has fixed a vulnerability in products from its ATP, USG and VPN product line. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to execute arbitrary code under privileges of the nobody-user. Exploit code for the vulnerability is...
PT-2022-11758 · Anaconda3 · Anaconda3
Name of the Vulnerable Software and Affected Versions: Anaconda3 version 2021.05 Description: The issue concerns OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. This allows the execution of commands when the user open...
smalruby and smalruby-editor vulnerable to OS Command Injection
smalruby-editor prior to 0.4.1 and smalruby prior to 0.1.11 allows remote attackers to execute arbitrary OS commands via unspecified vectors...
CVE-2022-26042
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26420
An OS command injection vulnerability exists in the console infactoryport functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the console infactorywlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26518
An InRouter302 (InHand Networks) OS command injection vulnerability exists in the console infactory_net functionality (V3.5.37). TALOS-2022-1501 shows the net_functionality path parses a first argument and optionally a second; when the second argument is supplied as part of the test branch, i...
CVE-2022-26518
An OS command injection vulnerability exists in the console infactorynet functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26420
CVE-2022-26420 affects InHand Networks InRouter302 (V3.5.37). TALOS notes an OS command injection in the console infactory_port, where unvalidated input can be passed to system to execute arbitrary commands. The InRouter302 exposes a factory/console flow that allows constructing command strings (...
CVE-2022-26085
An OS command injection vulnerability exists in the httpd wlscanASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2022-26085
InRouter302 (InHand Networks) V3.5.4 contains an OS command injection in the httpd wlscan_ASP function. TALOS-2022-1473 documents that an authenticated HTTP request can trigger arbitrary command execution via the wlscan_ASP path, using nvram-derived values and popen to execute system commands. CV...
CVE-2022-26075
CVE-2022-26075 affects InHand Networks InRouter302 (V3.5.37). A vulnerability in the console’s wlan_functionality (infactory_wlan) allows OS command injection via an unsanitized third argument, which is passed to system(). An attacker with access to the wlan/factory mode could execute arbitrary c...
CVE-2022-26042
InRouter302 (InHand) with firmware 3.5.4 has an OS command-injection in the daretools binary. TALOS-2022-1478 shows the HTTP server and a debug inhand function enabling a user with a hard-coded password to run the daretools binary, which then accepts lines; if a line starts with a or r, it calls ...
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26007
CVE-2022-26007 corresponds to an InHand InRouter302 OS command injection in the console factory. A privileged user can pass a crafted token to the factory command (via iwpriv) that is concatenated and passed to system(), enabling arbitrary command execution. Talos details show potential chainabil...