The vulnerability of the SetOnlineDevName() function in the microprogramming software for wireless Wi-Fi routers Tenda AX12 allows a hacker to execute arbitrary commands.

The vulnerability of the SetOnlineDevName function in the Tenda AX12 wireless Wi-Fi router software lies in the lack of measures taken to sanitize input data during the processing of the mac parameter. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotely...

The vulnerability of the Telnet protocol implementation in Wi-Fi routers powered by Tenda AX3 software allows a hacker to execute arbitrary commands.

The vulnerability of the Telnet protocol implementation in Wi-Fi routers powered by Tenda AX3 software lies in the lack of measures to neutralize special elements during the processing of the /goform/telnet request. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

PT-2023-30395 · Draytek · Draytek Vigor167

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor167 version 5.2.2 Description: An OS Command Injection in the CLI interface allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. Recommendations: F...

The vulnerability of the OSPF Handler component in the Ubiquiti EdgeRouter software allows a hacker to execute arbitrary commands.

The vulnerability of the OSPF Handler component in the Ubiquiti EdgeRouter microprogramming software exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the Static Routing Configuration Handler component in the Ubiquiti EdgeRouter software allows a attacker to execute arbitrary commands.

The vulnerability of the Static Routing Configuration Handler component in Ubiquiti EdgeRouter software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

The vulnerability of the Traffic Analyzer – Statistical function in the microprogramming software for Wi-Fi routers from ASUS’ RT-AC86U allows a hacker to execute arbitrary commands or cause service failures.

The vulnerability of the Traffic Analyzer – Statistical function in ASUS’ Wi-Fi router software, the RT-AC86U, exists due to the lack of measures taken to neutralize certain components. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands or cause service...

The vulnerability of the NAT Configuration Handler component in the Ubiquiti EdgeRouter software allows a hacker to execute arbitrary commands.

The vulnerability of the NAT Configuration Handler component in Ubiquiti EdgeRouter software exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the wanStat_detail function in the microprogramming software for ASUS RT-AC86U routers allows a hacker to execute arbitrary commands or cause service failures.

The vulnerability of the wanStatdetail function in the Wi-Fi router software of ASUS RT-AC86U exists due to the lack of measures to neutralize specific components. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cause service failures...

CVE-2023-49409

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet...

CVE-2023-49406

Tenda W30E V16.01.0.124843 was discovered to contain a Command Execution vulnerability via the function /goform/telnet...

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

ConQuest Dicom Server 1.5.0d Remote Command Execution

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

ConQuest Dicom Server 1.5.0d Remote Command Execution Exploit

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

PT-2023-8803 · Supermicro · Supermicro X11

Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions prior to 3.17.02 Description: The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated users to execut...

CVE-2023-33413

The PT-Security entry for CVE-2023-33413 details a flaw in Supermicro IPMI BMC on X11/M11 devices up to firmware 3.17.02. The root cause is hardcoded configuration file encryption keys used by the IPMI BMC config function, enabling remote authenticated users to craft/upload a malicious configurat...

PT-2023-24338 · Supermicro · Supermicro X11

Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions through 3.17.02 Description: The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated...

The vulnerability of the authentication function of ASUS RT-AX55 router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the authentication function of ASUS RT-AX55 router software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...