Netgate pfSense CE Command Injection Vulnerability (CNVD-2018-26996)

Netgate pfSense CE is the United States Netgate company's set of free open source FreeBSD-based firewall and router software. A command injection vulnerability exists in the 'powerdnormalmode' parameter in Netgate pfSense CE version 2.4.4-RELEASE, which can be exploited by an attacker to execute...

CVE-2018-4019

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...