Kerlink KerOS 安全漏洞

Kerlink KerOS is an operating system from the French company Kerlink. A security vulnerability exists in Kerlink KerOS versions prior to 5.12 that stems from the wmp-agent service not properly validating magic URLs, which could allow an unauthenticated remote attacker to execute arbitrary OS...

CVE-2024-39148

CVE-2024-39148 affects KerOS prior to 5.12. The issue is in the wmp-agent service, which does not properly validate the so‑called ‘magic URLs’, allowing an unauthenticated attacker to execute arbitrary OS commands as root if the service is reachable over the network. Documents from Red Hat, ENISA...

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "nextfile," which allows an attacker to execute arbitrary commands with root privileges...

PT-2025-47891

CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers CVE-2025-13207, CVE-2024-24481 https://t.co/ZUXQixklyd...

EUVD-2025-175370

A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...

CVE-2025-55810

A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...

CVE-2025-55810

A vulnerability was found in Alaga Home Security WiFi Camera 3K model S-CW2503C-H with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card...

CVE-2025-20349

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVE-2022-50596

D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with root privileges. The flaw specifically exists within...

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation RMI process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

CVE-2025-20354

A vulnerability in the Java Remote Method Invocation RMI process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanis...

Cisco IOS XE Software HTTP API Command Injection (cisco-sa-ios-xe-cmd-inject-rPJM8BGL)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by authenticating to an affected system and performing an API call...

CVE-2025-8432 CentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRON

Incorrect Default Permissions vulnerability in Centreon Infra Monitoring MBI modules allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15...

Reolink Video Doorbell WiFi DB_566128M5MP_W 安全漏洞

Reolink Video Doorbell WiFi DB566128M5MPW is a visual doorbell from Reolink USA. A security vulnerability exists in Reolink Video Doorbell WiFi DB566128M5MPW, which originates from an unprotected UART serial console, and could allow a physically accessible attacker to execute arbitrary commands...

CVE-2025-41699

Phoenix Contact CHARX SEC-3xxx charging controllers are affected by CVE-2025-41699. The vulnerability is a code injection (CWE-94) that an attacker with a low-privileged remote account for the Web-based management can exploit to change system configuration and perform a root command injection, co...

EUVD-2016-10792

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The exefile parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke...

CVE-2016-15047

CVE-2016-15047 (AVTECH CloudSetup.cgi): Authenticated OS command injection via the exefile parameter in CloudSetup.cgi. The parameter is passed to system command execution without proper validation/whitelisting, enabling an authenticated attacker to run arbitrary commands as root and potentially ...

EUVD-2020-24482

Malware in sbrugna...

EUVD-2017-4149

Malware in sbrugna...