9810 matches found
CVE-2021-21888
An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
CVE-2021-21881
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21888
The CVE-2021-21888 issue affects Lantronix PremierWave 2050 Web Manager SslGenerateCertificate. TALOS details show the Web Manager builds an OpenSSL-related certificate generation command by concatenating user-supplied HTTP POST fields (e.g., c, st, l, o, ou, cn, expires) into a command string ex...
CVE-2021-21883
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping is affected by an OS command injection (CVE-2021-21883). A specially crafted authenticated HTTP request can trigger execution of arbitrary OS commands with root privileges via the unsanitized host parameter used to build the nd ic6 command,...
CVE-2021-21882
CVE-2021-21882 is an OS command injection in Lantronix PremierWave 2050 Web Manager FsUnmount. The Talos report details an authenticated attacker who can submit a crafted HTTP request to trigger arbitrary OS commands via unsanitized input used in two system calls (to /sbin/ltrx_usb_umount and mou...
CVE-2021-21881
Lantronix PremierWave 2050 firmware 8.9.0.0R4 contains an OS command injection in the Web Manager Wireless Network Scanner. A specially crafted, authenticated HTTP request can trigger command execution, potentially enabling arbitrary commands and device compromise. The NUCLEI template confirms re...
CVE-2021-21882
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2021-21872
CVE-2021-21872 affects Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute. The Talos report documents an OS command injection in the traceroute functionality (8.9.0.0R4) where an authenticated HTTP request builds and executes a system command (traceroute with user-controlled protocol ...
CVE-2021-21881
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Recent...
OS Command Injection
laravel/framework is vulnerable to OS command injection. The vulnerability exists through Filesystem.php where the 'link' function does not properly escape the arguments, allowing an attacker to inject arbitrary OS commands...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command...
CVE-2020-19316
The CVE-2020-19316 entry describes an OS command injection in Laravel Framework’s Filesystem.php, specifically in the link() function, affecting versions before 5.8.17. Evidence from multiple sources confirms the vulnerability affects Laravel’s file linking logic, enabling an attacker to inject a...
CVE-2020-8105 Command Execution due to unsanitized input
OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.236.9Vdevt2homekitRF2.0.19s2kvsABODE oz...
Acronis: [forum.acronis.com] JNDI Code Injection due an outdated log4j component
Vulnerability description not provided...
CVE-2021-42912
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands...
CVE-2021-42912
CVE-2021-42912 affects FiberHome ONU GPON AN5506-04-F RP2617. The vulnerability is an OS command injection: after login, an attacker can send OS commands as root through the ping diagnostic tool by bypassing the IP field and chaining commands with a semicolon. The CVSSv3 base score is 8.8 (HIGH) ...
meterN 1.2.3 Remote Command Execution
meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org Affected version: 1.2.3 and 0.8.3.2 Summary: meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters li...