632 matches found

CNNVD
added 2024/03/28 12:0 a.m. · 3 views

NEC Aterm Security Vulnerability

The NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that originates from allowing an attacker to execute arbitrary operating system commands with root privileges over the Internet. The following products are affected: WG1800HP4,...

CVSS 9.8 · AI score 8.8 · EPSS 0.00624
Exploits 0 · References 2
Positive Technologies
added 2024/03/28 12:0 a.m. · 4 views

PT-2024-22203

Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...

CVSS 9.8 · AI score 8.8 · EPSS 0.0065
Exploits 0 · References 7
Positive Technologies
added 2024/03/27 12:0 a.m. · 4 views

PT-2024-22212

Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...

CVSS 9.8 · AI score 7 · EPSS 0.00674
Exploits 0 · References 7
OSV
added 2024/02/27 10:15 p.m. · 2 views

CVE-2024-26294

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

CVSS 8.8 · AI score 6.1 · EPSS 0.00928
Exploits 0 · References 1
CNNVD
added 2024/02/26 12:0 a.m. · 2 views

Indu-Sol PROFINET-INspektor NT Security Vulnerability

The Indu-Sol PROFINET-INspektor NT is an analysis and test set for PROFINET communication verification, acceptance, quality checking and monitoring from Indu-Sol, Germany. A security vulnerability exists in Indu-Sol PROFINET-INspektor NT version 2.4.0 and earlier, which stems from a command...

CVSS 9.8 · AI score 8.2 · EPSS 0.01379
Exploits 0 · References 3
OSV
added 2024/02/12 7:15 p.m. · 2 views

CVE-2024-22228

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svccifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges...

CVSS 7.8 · AI score 6 · EPSS 0.00644
Exploits 0 · References 1
Positive Technologies
added 2024/02/12 12:0 a.m. · 3 views

PT-2024-2899 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the svc oscheck utility of Dell Unity's microcode. This allows an authenticated...

CVSS 7.8 · AI score 7.8 · EPSS 0.00837
Exploits 0 · References 9
Packet Storm
added 2024/01/31 12:0 a.m. · 241 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

!/usr/bin/env python TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters...

AI score 7.4
Exploits 0
0day.today
added 2024/01/31 12:0 a.m. · 278 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...

AI score 8.9
Exploits 0
CNNVD
added 2024/01/12 12:0 a.m. · 3 views

Hongdian Router H8951-4G-ESP Security Vulnerability

The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149. An attacker can exploit this vulnerability to execute arbitrary commands in a root user environment...

CVSS 9.8 · AI score 7.4 · EPSS 0.00733
Exploits 0 · References 3
BDU FSTEC
added 2024/01/11 12:0 a.m. · 5 views

The vulnerability in the Web interface of the Cisco Unity Connection system allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the Cisco Unity Connection messaging system’s web management interface is related to the lack of authentication in the application programming interface. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges by loading...

CVSS 7.5 · AI score 8.4 · EPSS 0.01604
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/12/28 12:0 a.m. · 2 views

Peplink Balance Security Breach

Peplink Balance is a router from Peplink. A security vulnerability exists in Peplink Balance Two versions prior to 8.4.0, which stems from the use of hard-coded credentials for Console port authentication, allowing an attacker to execute arbitrary commands as root...

CVSS 6.4 · AI score 7.5 · EPSS 0.00473
Exploits 1 · References 3
ATTACKERKB
added 2023/12/12 1:15 a.m. · 1 views

CVE-2023-36650

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

CVSS 7.2 · AI score 7.2 · EPSS 0.00392
Exploits 1 · References 2
OSV
added 2023/12/12 1:15 a.m. · 3 views

CVE-2023-36650

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

CVSS 7.2 · AI score 5.9 · EPSS 0.00392
Exploits 1 · References 1
Positive Technologies
added 2023/12/11 12:0 a.m. · 3 views

PT-2023-25654 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: A missing integrity check in the update system allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. Recommendations: For ProLion...

CVSS 7.2 · AI score 7.2 · EPSS 0.00392
Exploits 1 · References 5
CNNVD
added 2023/11/01 12:0 a.m. · 2 views

Cisco Firepower Management Center and Cisco Firepower Threat Defense Security Vulnerabilities

Cisco Firepower Management Center FMC and Cisco Firepower Threat Defense FTD are both products of Cisco, Inc. Cisco Firepower Management Center is the next-generation firewall management center software. Cisco Firepower Threat Defense is a unified set of software that provides next-generation...

CVSS 8.2 · AI score 7.4 · EPSS 0.00234
Exploits 0 · References 3
BDU FSTEC
added 2023/10/27 12:0 a.m. · 4 views

The vulnerability in the web interface and command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems allows a malicious user to execute arbitrary commands from the root user.

The vulnerability in the web interface and the command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems is related to improper validation of the loaded configuration file for the SNMP protocol. Exploiting this vulnerability allows a maliciou...

CVSS 7.9 · AI score 7.8 · EPSS 0.01262
Exploits 0 · References 2 · Affected Software 2
BDU FSTEC
added 2023/10/25 12:0 a.m. · 4 views

The vulnerability of the JWT Secret Handler component in the cloud operating system CasaOS allows an attacker to execute arbitrary commands with root privileges.

The vulnerability of the JWT Secret Handler component in the cloud operating system CasaOS is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges...

CVSS 10 · AI score 8.4 · EPSS 0.05871
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/10/10 5:15 a.m. · 1 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

CVSS 8.8 · AI score 5.8 · EPSS 0.01457
Exploits 1 · References 1
ATTACKERKB
added 2023/10/04 9:15 p.m. · 0 views

CVE-2023-36618

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...

CVSS 8.8 · AI score 7.8 · EPSS 0.03397
Exploits 3 · References 4