Lucene search

632 matches found

OSV
added 2022/08/16 1:15 a.m. · 3 views

CVE-2022-36309

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...

8.8 CVSS · 7.3 AI score · 0.24071 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2022/08/16 1:15 a.m. · 2 views

CVE-2022-36309

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...

8.8 CVSS · 7.4 AI score · 0.24071 EPSS
Exploits 1 · References 3

CVE
added 2022/08/16 12:33 a.m. · 67 views

CVE-2022-36309

CVE-2022-36309 affects Airspan AirVelocity 1500 (and possibly AirSpeed models) with versions prior to 15.18.00.2511. The vuln is a root command injection in the ActiveBank parameter of recoverySubmit.cgi running on the eNodeB web management UI. Impact is associated with potential full compromise ...

8.8 CVSS · 8.7 AI score · 0.24071 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2022/08/16 12:00 a.m. · 3 views

Airspan AirVelocity 1500 Security Vulnerability

The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks to indoor spaces. A security vulnerability exists in versions prior to Airspan AirVelocity 1500 15.18.00.2511, which stems from NET-SNMP-EXTEND-MIB bein...

8.8 CVSS · 8.1 AI score · 0.01333 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/08/16 12:00 a.m. · 8 views

PT-2022-23304 · Airspan · Airspan Airvelocity 1500

Name of the Vulnerable Software and Affected Versions: Airspan AirVelocity 1500 versions prior to 15.18.00.2511 Description: The issue is related to a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script, which runs on the eNodeB's web management UI...

8.8 CVSS · 8.8 AI score · 0.24071 EPSS
Exploits 1 · References 4

OSV
added 2022/08/08 3:15 p.m. · 2 views

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

7.2 CVSS · 7.2 AI score · 0.0106 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2022/08/02 12:00 a.m. · 5 views

A vulnerability in the UART console of the TP-Link TL-WR840N EU firmware allows a hacker to execute arbitrary commands as the root user.

The vulnerability in the UART console of the TP-Link TL-WR840N EU router’s firmware lies in the absence of authentication procedures. Exploiting this vulnerability allows a hacker to execute arbitrary commands as the root user...

7.2 CVSS · 7.1 AI score · 0.00422 EPSS
Exploits 1 · References 4

CNNVD
added 2022/07/22 12:00 a.m. · 4 views

Cisco Small Business Buffer Error Vulnerability

Cisco Small Business is a switch from Cisco USA. The Cisco Small Business router suffers from a buffer error vulnerability that originates from an authenticated, remote attacker utilizing its web-based management interface to insufficiently validate the user field in incoming HTTP packets. An...

7.2 CVSS · 7.8 AI score · 0.00859 EPSS
Exploits 0 · References 3

OSV
added 2022/07/21 2:15 p.m. · 4 views

CVE-2022-20890

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2 CVSS · 6.2 AI score · 0.00859 EPSS
Exploits 0 · References 1

OSV
added 2022/07/21 4:15 a.m. · 3 views

CVE-2022-20876

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2 CVSS · 6.2 AI score · 0.0106 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/07/20 4:00 p.m. · 3 views

CVE-2022-20897

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2 CVSS · 7.5 AI score · 0.00859 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/07/12 10:15 a.m. · 3 views

CVE-2022-29560

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions 2.15.1, RUGGEDCOM ROX MX5000RE All versions 2.15.1, RUGGEDCOM ROX RX1400 All versions 2.15.1, RUGGEDCOM ROX RX1500 All versions 2.15.1, RUGGEDCOM ROX RX1501 All versions 2.15.1, RUGGEDCOM ROX RX1510 All versions 2.15.1,...

10 CVSS · 6.9 AI score · 0.01573 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/06/22 11:00 p.m. · 5 views

CVE-2022-20828

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...

9 CVSS · 7.6 AI score · 0.39862 EPSS
Exploits 4 · References 5

Positive Technologies
added 2022/06/22 12:00 a.m. · 3 views

PT-2022-3059 · Cisco · Cisco Firepower Services Software For Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco FirePOWER Services Software for ASA affected versions not specified Description: The issue is related to improper handling of undefined command parameters in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA...

9 CVSS · 7.4 AI score · 0.39862 EPSS
Exploits 4 · References 10

Positive Technologies
added 2022/06/15 12:00 a.m. · 4 views

PT-2022-10193 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 2.2.0 through 2.10.1 Apache Hadoop versions 3.0.0-alpha1 through 3.1.4 Apache Hadoop versions 3.2.0 through 3.2.2 Apache Hadoop versions 3.3.0 through 3.3.1 Description: A user who can escalate to yarn user can possibly...

9 CVSS · 8.6 AI score · 0.03227 EPSS
Exploits 0 · References 11

OSV
added 2022/06/13 2:15 p.m. · 2 views

CVE-2022-30311

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

9.8 CVSS · 6 AI score · 0.0276 EPSS
Exploits 0 · References 1

OSV
added 2022/06/13 2:15 p.m. · 2 views

CVE-2022-30308

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

9.8 CVSS · 6 AI score · 0.02674 EPSS
Exploits 0 · References 1

OSV
added 2022/06/13 2:15 p.m. · 1 view

CVE-2022-30310

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

9.8 CVSS · 6 AI score · 0.0246 EPSS
Exploits 0 · References 1

CNNVD
added 2022/06/13 12:00 a.m. · 3 views

Festo Controller CECC-X-M1 Operating System Command Injection Vulnerability

The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...

10 CVSS · 8.7 AI score · 0.0276 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/06/08 8:00 a.m. · 1 view

CVE-2022-30309

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...

10 CVSS · 7.5 AI score · 0.03 EPSS
Exploits 0 · References 2 · Affected Software 11