Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Jun...
Command injection
TOTOlink EX1800T V9.1.0cu.2112B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnetenabled parameter of the setTelnetCfg interface...
CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...
CVE-2024-21591
CVE-2024-21591 is an out-of-bounds write vulnerability in Juniper Networks Junos OS J-Web affecting SRX Series and EX Series. An unauthenticated, network-based attacker can cause a Denial of Service or Remote Code Execution and obtain root privileges on affected devices. The flaw stems from use o...
CVE-2024-21591 Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an...
CVE-2023-52026
CVE-2023-52026 affects TOTOLINK EX1800T (firmware v9.1.0cu.2112_B20220316). The root cause is a vulnerability in the telnet_enabled parameter of the setTelnetCfg interface which fails to properly filter commands, enabling remote command execution over the network. Documented impact is remote code...
Dual Zero-Day Threats in Ivanti Connect Secure and Policy Secure Gateways – CVE-2023-46805 and CVE-2024-21887
In recent and alarming cybersecurity developments, Volexity researchers have discovered that attackers are exploiting two distinct zero-day vulnerabilities in a coordinated manner to enable unauthenticated remote code execution (RCE). These vulnerabilities are identified as CVE-2023-46805 and...
CVE-2023-52028
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function...
Command injection
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function...
Command injection
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function...
CVE-2023-52029
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function...
CVE-2023-52027
CVE-2023-52027 affects TOTOLINK A3700R (v9.1.2u.5822_B20200513). The NTPSyncWithHost function allows remote command execution due to insufficient filtering of constructed commands, enabling arbitrary commands to be run by an attacker with network access. Public sources corroborate RCE via NTPSync...
CVE-2023-52032
TOTOlink EX1200T V4.1.2cu.5232B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function...
CVE-2023-52027
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function...
CVE-2023-52029
TOTOLINK A3700R (v9.1.2u.5822_B20200513) contains a remote command execution (RCE) in the setDiagnosisCfg function. The issue arises from improper handling/filtering of constructed command characters, enabling arbitrary command execution. Affected component: setDiagnosisCfg; impact: remote comman...
CVE-2023-52030
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function...
CVE-2023-52031
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function...