15286 matches found
PT-2023-30012 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.652_B20230116 Description: The issue is related to a remote command execution (RCE) vulnerability. It is exploited via the sub_41D494 function. Recommendations: For TOTOLINK X6000R version 9.4.0cu.652_B20230116,...
TOTOLINK X6000R Command Injection Vulnerability
The TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK X6000R version v9.4.0cu.652_B20230116 contains a security vulnerability that stems from a remote command execution flaw in the function at sub_41D494...
CVE-2023-46420
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function...
CVE-2023-46415
The CVE-2023-46415 entry concerns TOTOLINK X6000R, affected version 9.4.0cu.652_B20230116, with a remote command execution (RCE) vulnerability exploitable via the sub_41E588 function. Documents indicate impact is high, with potential unauthorized command execution affecting confidentiality, integ...
CVE-2023-46422
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function...
CVE-2023-46421
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function...
CVE-2023-46414
Summary (CVE-2023-46414) TOTOLINK X6000R firmware 9.4.0cu.652_B20230116 is affected by a remote command execution (RCE) vulnerability that is triggered through the sub_41D494 function. The vulnerability’s root cause and impact are described across multiple sources; the CVSS metrics indicate a cri...
CVE-2023-46423
Summary: CVE-2023-46423 affects TOTOLINK X6000R devices, specifically version 9.4.0cu.652_B20230116, with a remote command execution vulnerability exposed via the sub_417094 function. The NVD entry rates the impact as high to critical (CVSSv3.1: base 9.8, network attack vector, no user interactio...
CVE-2023-46421
CVE-2023-46421 affects TOTOLINK X6000R, version 9.4.0cu.652_B20230116, with a remote command execution (RCE) vulnerability in the routine at the sub_411D00 function. The available sources describe an RCE impact with high/critical potential (per CVSS metrics in the record) but do not provide rollb...
PT-2023-30016 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.652_B20230116 Description: A remote command execution issue was discovered via the sub_412688 function, allowing for potential exploitation. Recommendations: For TOTOLINK X6000R version 9.4.0cu.652_B20230116,...
PT-2023-30020 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.652_B20230116 Description: The issue is related to a remote command execution (RCE) vulnerability. It is exploited via the sub_411D00 function. Recommendations: For TOTOLINK X6000R version 9.4.0cu.652_B20230116, ...
A vulnerability in the ping diagnostic function of the Connectize G6 AC2100 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the ping diagnostic function of the Connectize G6 AC2100 router firmware is due to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2023-28853 · Aruba · ClearPass Policy Manager
Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager affected versions not specified Description: A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A...
CVE-2023-33839
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036...
CVE-2023-33839
CVE-2023-33839 affects IBM Security Verify Governance 10.0. An authenticated remote attacker could execute arbitrary commands on the system by sending a specially crafted request. Multiple connected sources (Red Hat, CNVD, PT-Security, CVE listings) corroborate command-injection-like behavior tie...
PT-2023-9141 · Owlet · Owlet Cam
Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...
PT-2023-8373 · IBM · IBM Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0 Description: The issue is related to insufficient checking of arguments passed to a command, allowing a remote authenticated attacker to execute arbitrary commands on the system by sending a special...
A vulnerability in the httpd Manage_request function of the firmware for Yifan YF325 industrial Wi-Fi routers allows an attacker to execute arbitrary code.
The vulnerability in the httpd next_page function of the firmware for Yifan YF325 industrial Wi-Fi routers is related to reading data outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the httpd next_page function of the firmware for Yifan YF325 industrial Wi-Fi routers allows an attacker to execute arbitrary commands.
The vulnerability in the httpd next_page function of the firmware for Yifan YF325 industrial Wi-Fi routers is related to reading data outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the firmware of Weintek cMT3000 HMI Web CGI operator panels arises from a failure to neutralize special elements used in operating system commands. This vulnerability allows an attacker to execute arbitrary commands.
The vulnerability in Weintek cMT3000 HMI Web CGI operator panels exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands remotely...