CVE-2023-36618
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...
CVE-2023-43477
The pingfrom parameter of pingtracerte.cgi in the web UI of Telstra Smart Modem Gen 2 Arcadyan LH1000, firmware version 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device...
Cisco Intersight Command Injection Vulnerability
Cisco Intersight is an application platform from Cisco, Inc. It provides a level of intelligent management that enables IT organizations to analyze, simplify, and automate their environments in a more advanced way than previous generations of tools. A command injection vulnerability exists in the...
Deciso OPNsense Path Traversal Vulnerability
Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. A path traversal vulnerability exists in OPNsense versions prior to 23.7, which stems from a directory traversal vulnerability in the Captive Portal template. An attacker can exploit...
CVE-2023-35861
A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...
Design/Logic Flaw
CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...
CasaOS Access Control Error Vulnerability
CasaOS is a simple, easy-to-use and elegant open source home cloud system. An Access Control Error vulnerability exists in CasaOS versions prior to 0.4.4 that stems from a lack of authenticated IP addresses. An attacker can exploit the vulnerability to execute arbitrary commands as root...
CVE-2023-32622
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege...
CVE-2023-32621
WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege...
PT-2023-23918 · Unknown · Wl-Wn531Ax2
Name of the Vulnerable Software and Affected Versions: WL-WN531AX2 versions prior to 2023526. Description: The issue is related to the improper neutralization of special elements in the firmware, allowing an attacker with administrative privileges to execute OS commands with root privileges...
PT-2023-23917 · Unknown · Wl-Wn531Ax2
Name of the Vulnerable Software and Affected Versions: WL-WN531AX2 firmware versions prior to 2023526. Description: The issue allows an attacker with administrative privilege to upload arbitrary files and execute OS commands with the root privilege. Recommendations: For WL-WN531AX2 firmware versio...
A vulnerability in the web management interface of the firmware of Cisco Small Business RV320 and RV325 routers allows an attacker to execute arbitrary commands on the device.
The vulnerability of the web-based management interfaces for Cisco Small Business RV320 and RV325 routers is related to insufficient verification of data entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user in the...
Multiple vulnerabilities in WAVLINK WL-WN531AX2
Overview: WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security (CWE-602) - CVE-2023-32612; Exposure of resource to wrong sphere (CWE-668) - CVE-2023-32613; Improper authentication (CWE-287) - CVE-2023-32620; Unrestricted upload of...
VulnCheck KEV: CVE-2019-17621
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local...
CVE-2023-33869 Enphase Envoy OS Command Injection
Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...
PT-2023-24523 · Enphase · Enphase Envoy
Name of the Vulnerable Software and Affected Versions: Enphase Envoy version D7.0.88. Description: The issue allows an attacker to execute root commands due to a command injection exploit. Recommendations: For Enphase Envoy version D7.0.88, consider disabling or restricting access to the vulnerabl...
CVE-2023-31746
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user...
Adslr VW2100 Command Injection Vulnerability
The Adslr VW2100 is a router from Flying Fish Star Technology Adslr, Chengdu, China. A security vulnerability exists in the Adslr VW2100 M1DV version 1.0. An attacker can exploit the vulnerability to execute system commands as the root user...
CVE-2023-32347
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...
CVE-2023-20183
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...