443 matches found
The vulnerability of the command-line interface of the Cisco Data Center Network Manager allows an attacker to execute arbitrary commands with root privileges on the underlying operating system.
The vulnerability of the command-line interface of the Cisco Data Center Network Manager system is related to insufficient restrictions during the execution of vulnerable CLI commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges on the underlying...
The vulnerability of the syntax analyzer in the Cisco NX-OS network operating system allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the syntax analyzer in Cisco NX-OS exists due to insufficient checking of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with root privileges...
Red Lion N-Tron 702-W/702M12-W Unspecified Interface Vulnerability
The Red Lion N-Tron 702-W/702M12-W is a high voltage Ethernet switch product. An undocumented interface vulnerability exists in the Red Lion N-Tron 702-W/702M12-W, which can be exploited by an attacker to submit a special request to execute arbitrary commands with ROOT privileges...
Hardcoded credentials
GateManager versions prior to 9.2c: the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root...
CVE-2020-5760
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message...
CVE-2020-5757
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API...
PT-2020-5249 · Net Snmp +5 · Net-Snmp +5
Name of the Vulnerable Software and Affected Versions: Net-SNMP versions prior to 5.8. Description: The issue is related to improper privilege management in the Net-SNMP software. It allows SNMP WRITE access to the EXTEND MIB, which can be exploited to run arbitrary commands as root. This could...
CVE-2020-3277
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected...
CVE-2020-3212
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this...
CVE-2020-9423
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users,...
CVE-2019-11355
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By...
Multiple vulnerabilities in OpenBlocks IoT VX2
Overview: OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities. Masahiro Murashima and Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An...
Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Operating System Command Injection Vulnerability (CNVD-2020-14817)
The Cisco Firepower 4100 Series and the Cisco Firepower 9300 Security Appliance are both products of Cisco Corporation. The Cisco Firepower 9300 Security Appliance is a 9300 Series security appliance. The Cisco FXOS Software is a set of firewall software that runs in the Cisco Security Appliance. Th...
PT-2020-1990 · Cisco +1 · Cisco Fxos +1
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software, affected versions not specified. Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a...
CVE-2020-5534
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...
CVE-2020-5524
Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function...
The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers stems from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands as the root user on the target system.
The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerabilit...
CVE-2020-6760
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...
CVE-2019-15711
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process...
CVE-2020-1605
A device using Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved that is configured in relay mode is vulnerable to an attacker sending crafted IPv4 packets, who may then arbitrarily execute commands as root on the target device. This...