443 matches found

OSV
added 2023/12/12 1:15 a.m. · 2 views

CVE-2023-36650

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

CVSS 7.2 · AI score 5.9 · EPSS 0.00061
Exploits: 1 · References: 1

Positive Technologies
added 2023/12/11 12:0 a.m. · 2 views

PT-2023-25654 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: A missing integrity check in the update system allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. Recommendations: For ProLion...

CVSS 7.2 · AI score 7.2 · EPSS 0.00061
Exploits: 1 · References: 5

CNNVD
added 2023/11/01 12:0 a.m. · 2 views

Cisco Firepower Management Center and Cisco Firepower Threat Defense Security Vulnerabilities

Cisco Firepower Management Center FMC and Cisco Firepower Threat Defense FTD are both products of Cisco, Inc. Cisco Firepower Management Center is the next-generation firewall management center software. Cisco Firepower Threat Defense is a unified set of software that provides next-generation...

CVSS 8.2 · AI score 7.4 · EPSS 0.00037
Exploits: 0 · References: 3

BDU FSTEC
added 2023/10/27 12:0 a.m. · 1 view

The vulnerability in the web interface and command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems allows a malicious user to execute arbitrary commands as the root user.

The vulnerability in the web interface and the command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems is related to improper validation of the loaded configuration file for the SNMP protocol. Exploiting this vulnerability allows a maliciou...

CVSS 7.9 · AI score 7.8 · EPSS 0.0031
Exploits: 0 · References: 2 · Affected Software: 2

OSV
added 2023/10/10 5:15 a.m. · 1 view

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

CVSS 8.8 · AI score 5.8 · EPSS 0.01613
Exploits: 1 · References: 1

ATTACKERKB
added 2023/10/04 9:15 p.m. · 0 views

CVE-2023-36618

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...

CVSS 8.8 · AI score 7.8 · EPSS 0.00868
Exploits: 3 · References: 4

Cvelist
added 2023/10/04 12:0 a.m. · 16 views

CVE-2023-36618

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...

AI score 9.4 · EPSS 0.00868
Exploits: 3 · References: 3

CNNVD
added 2023/08/16 12:0 a.m. · 2 views

Cisco Intersight Command Injection Vulnerability

Cisco Intersight is an application platform from Cisco, Inc. It provides a level of intelligent management that enables IT organizations to analyze, simplify, and automate their environments in a more advanced way than previous generations of tools. A command injection vulnerability exists in the...

CVSS 9.1 · AI score 8.2 · EPSS 0.00074
Exploits: 0 · References: 2

OSV
added 2023/07/31 1:15 p.m. · 0 views

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...

CVSS 9.8 · AI score 6 · EPSS 0.01224
Exploits: 1 · References: 3

Prion
added 2023/07/17 9:15 p.m. · 20 views

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, an unauthenticated attacker can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

CVSS 7.5 · AI score 9.7 · EPSS 0.91121
Exploits: 1 · References: 2 · Affected Software: 2

CNNVD
added 2023/07/17 12:0 a.m. · 3 views

CasaOS Access Control Error Vulnerability

CasaOS is a simple, easy-to-use and elegant open source home cloud system. An Access Control Error vulnerability exists in CasaOS versions prior to 0.4.4 that stems from a lack of authenticated IP addresses. An attacker can exploit the vulnerability to execute arbitrary commands as root...

CVSS 9.8 · AI score 7.3 · EPSS 0.91121
Exploits: 1 · References: 3

OSV
added 2023/06/30 5:15 a.m. · 3 views

CVE-2023-32621

WL-WN531AX2 firmware versions prior to 2023526 allow an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege...

CVSS 7.2 · AI score 6
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-23917 · Unknown · Wl-Wn531Ax2

Name of the Vulnerable Software and Affected Versions: WL-WN531AX2 firmware versions prior to 2023526 Description: The issue allows an attacker with administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Recommendations: For WL-WN531AX2 firmware versio...

CVSS 7.2 · AI score 7.2 · EPSS 0.00096
Exploits: 0 · References: 4

Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-23918 · Unknown · Wl-Wn531Ax2

Name of the Vulnerable Software and Affected Versions: WL-WN531AX2 versions prior to 2023526 Description: The issue is related to the improper neutralization of special elements in the firmware, allowing an attacker with administrative privileges to execute OS commands with root privileges...

CVSS 7.2 · AI score 7.3 · EPSS 0.00096
Exploits: 0 · References: 5

BDU FSTEC
added 2023/06/28 12:0 a.m. · 2 views

The vulnerability in the web interface for managing the firmware of Cisco Small Business RV320 and RV325 routers allows a hacker to execute arbitrary commands on the device.

The vulnerability of the web-based management interfaces for Cisco Small Business RV320 and RV325 routers is related to insufficient verification of data entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user in the...

CVSS 8.3 · AI score 7.5 · EPSS 0.00351
Exploits: 0 · References: 3 · Affected Software: 2

Japan Vulnerability Notes
added 2023/06/27 7:50 a.m. · 3 views

Multiple vulnerabilities in WAVLINK WL-WN531AX2

Overview: WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security (CWE-602) - CVE-2023-32612; Exposure of resource to wrong sphere (CWE-668) - CVE-2023-32613; Improper authentication (CWE-287) - CVE-2023-32620; Unrestricted upload of...

CVSS 8.1 · AI score 7.5 · EPSS 0.00096
Exploits: 0 · References: 14

VulnCheck KEV
added 2023/06/22 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2019-17621

D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local...

CVSS 10 · AI score 7.7 · EPSS 0.93009
Exploits: 8 · References: 1

Vulnrichment
added 2023/06/20 7:43 p.m. · 8 views

CVE-2023-33869 Enphase Envoy OS Command Injection

Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...

CVSS 6.3 · AI score 7.6 · EPSS 0.00181
Exploits: 0 · References: 1

Positive Technologies
added 2023/06/20 12:0 a.m. · 5 views

PT-2023-24523 · Enphase · Enphase Envoy

Name of the Vulnerable Software and Affected Versions: Enphase Envoy version D7.0.88 Description: The issue allows an attacker to execute root commands due to a command injection exploit. Recommendations: For Enphase Envoy version D7.0.88, consider disabling or restricting access to the vulnerabl...

CVSS 9.8 · AI score 9.8 · EPSS 0.00181
Exploits: 0 · References: 3

OSV
added 2023/06/14 9:15 p.m. · 3 views

CVE-2023-31746

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user...

CVSS 9.8 · AI score 6 · EPSS 0.02051
Exploits: 0 · References: 4