443 matches found
CVE-2021-45837
It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 by sending a specifically crafted input to /tos/index.php?app/del...
TerraMaster FS-210 Security Vulnerability
The TerraMaster FS-210 is a network-attached storage (NAS) device from Tumi Electronic Technology Terramaster in Shenzhen, China. A security vulnerability exists in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, which can be exploited by sending a special command to...
GlobalProtect-Openconnect Security Vulnerability
GlobalProtect-Openconnect is a GlobalProtect VPN client GUI for Linux based on OpenConnect and built with Qt5 to support SAML authentication mode. A security vulnerability exists in GlobalProtect-Openconnect, which is caused by GlobalProtect-Openconnect being set up in a way that allows an...
SonicWall SMA 100 Series Authenticated Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are 10.2.1.2-24sv and below, 10.2.0.8-37sv and below, and 9.0.0.11-31sv and below. This module...
Netgear Nighthawk R6700 Authorization Issue Vulnerability
The Netgear Nighthawk R6700 is a wireless router from Netgear USA. An authorization issue vulnerability exists in the Netgear Nighthawk R6700 that stems from the product's lack of adequate protection for UART console access. The vulnerability can be exploited by an attacker to execute commands as...
PT-2021-5078 · Cisco · Rv082 +5
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV016 versions affected versions not specified Cisco Small Business RV042 versions affected versions not specified Cisco Small Business RV042G versions affected versions not specified Cisco Small Business RV082 versions...
128 Technology Session Smart Router Authorization Issue Vulnerability
128 Technology Session Smart Router is a router. An authorization issue vulnerability exists in the 128 Technology Session Smart Router that stems from an error in the product's handling of authentication requests. An attacker could bypass authentication and execute arbitrary system commands with...
Aruba ClearPass Policy Manager Path Traversal Vulnerability
HPE Aruba ClearPass Policy Manager is a network access control (NAC) solution. A directory traversal vulnerability exists in HPE Aruba ClearPass Policy Manager. An attacker can exploit the vulnerability to execute arbitrary commands on the server as the root user, which could result in complete system...
CVE-2021-38557
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh wit...
CVE-2021-38557
Affected software: raspap-webgui (RaspAP) 2.6.6. Root cause: insecure sudoers permissions permit the www-data user to run /etc/raspap/hostapd/enablelog.sh as root without a password and to overwrite that script with arbitrary executable content. Impact: potential remote code execution as root. Ex...
The vulnerability in the web interface of the Cisco Intersight Virtual Appliance software for managing cloud systems allows a perpetrator to execute arbitrary commands with root privileges.
The vulnerability of the web interface for managing Cisco Intersight Virtual Appliance software exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands with root privileges remotely...
VulnCheck KEV: CVE-2021-1497
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...
Fortinet FortiPortal Trust Management Issue Vulnerability
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal has a trust management issue vulnerability, which stems from the...
CVE-2021-20740
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08NEC2.5.4a and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08NEC3.4.2 allow remote authenticated attackers to execute arbitrary...
CVE-2021-1571
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting XSS attac...
CVE-2021-1541
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting XSS attac...
CVE-2021-1542
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting XSS attac...
Multiple vulnerabilities in Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers
Overview Buffalo WSR-1166DHP3 and WSR-1166DHP4 routers provided by Buffalo Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-20730 OS command injection CWE-78 - CVE-2021-20731 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC...
CVE-2020-21999
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...