632 matches found

Cvelist
added 2020/02/24 6:16 p.m. · 16 views

CVE-2019-12511 Root Command Injection via MAC Address in SOAP API

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

AI score 10 · EPSS 0.02267
Exploits 1 · References 1

OSV
added 2020/02/21 10:15 a.m. · 1 view

CVE-2020-5524

Aterm series Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function...

CVSS 8.8 · AI score 7.6 · EPSS 0.01019
Exploits 0 · References 3

OSV
added 2020/02/21 10:15 a.m. · 2 views

CVE-2020-5534

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...

CVSS 8 · AI score 7.5 · EPSS 0.0087
Exploits 0 · References 2

BDU FSTEC
added 2020/02/11 12:00 a.m. · 3 views

The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers stems from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands as the root user on the target system.

The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerabilit...

CVSS 10 · AI score 8.4 · EPSS 0.89624
Exploits 8 · References 4 · Affected Software 11

OSV
added 2020/02/06 9:15 p.m. · 3 views

CVE-2020-6760

Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...

CVSS 9.8 · AI score 7.4 · EPSS 0.0171
Exploits 1 · References 1

OSV
added 2020/02/06 4:15 p.m. · 3 views

CVE-2019-15711

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process...

CVSS 7.8 · AI score 5.8 · EPSS 0.00521
Exploits 1 · References 2

Positive Technologies
added 2020/02/05 12:00 a.m. · 3 views

PT-2020-6506

Name of the Vulnerable Software and Affected Versions: EyesOfNetwork version 5.3. Description: The issue is related to insufficient access control in the /etc/sudoers component of the EyesOfNetwork EON system and network monitoring tool. This can be exploited to escalate privileges, allowing an...

CVSS 9.3 · AI score 8.4 · EPSS 0.58076
Exploits 9 · References 12

CNVD
added 2020/02/04 12:00 a.m. · 3 views

DrayTek Vigor Series Arbitrary Command Execution Vulnerability

The DrayTek Vigor300B is an enterprise-class router. The DrayTek Vigor300B cgi-bin/mainfunction.cgi URI fails to properly handle SHELL characters, which can be exploited by a remote attacker to submit a special request to execute arbitrary commands with ROOT privileges...

CVSS 10 · AI score 9.2 · EPSS 0.99993
Exploits 7 · References 1

OSV
added 2020/01/15 9:15 a.m. · 2 views

CVE-2020-1605

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon JDHCPD process on Junos OS or Junos OS Evolved which is configured in relay mode, it is vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 2

OSV
added 2020/01/15 9:15 a.m. · 2 views

CVE-2020-1609

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon JDHCPD process on Junos OS or Junos OS Evolved which is configured in relay mode, it is vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This...

CVSS 8.8 · AI score 7.4 · EPSS 0.00937
Exploits 0 · References 2

OSV
added 2019/12/30 5:15 p.m. · 2 views

CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network...

CVSS 9.8 · AI score 7.7 · EPSS 0.89624
Exploits 8 · References 8

Positive Technologies
added 2019/12/12 12:00 a.m. · 3 views

PT-2019-4530 · D Link · D-Link Dir-895L/R +10

Name of the Vulnerable Software and Affected Versions: D-Link DIR-818Lx (versions not specified); D-Link DIR-822 (versions not specified); D-Link DIR-823 (versions not specified); D-Link DIR-859 (versions 1.05 through 1.06B01 Beta01); D-Link DIR-865L (versions not specified); D-Link DIR-868L versions not...

CVSS 10 · AI score 9.9 · EPSS 0.89624
Exploits 8 · References 19

CNVD
added 2019/12/02 12:00 a.m. · 1 view

Unspecified vulnerability in ezmaster

ezmaster is a tool for managing Docker applications and instances. A security vulnerability exists in ezmaster that can be exploited by an attacker to execute commands as the root user...

CVSS 9 · AI score 7.3 · EPSS 0.00806
Exploits 0 · References 1

Cvelist
added 2019/11/27 3:54 p.m. · 36 views

CVE-2017-12945

Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root...

AI score 9 · EPSS 0.1745
Exploits 5 · References 4

BDU FSTEC
added 2019/10/29 12:00 a.m. · 4 views

The vulnerability of the command-line interface (CLI) of the Cisco TelePresence Collaboration Endpoint (CE) software allows an attacker to execute arbitrary commands with root privileges.

The vulnerability of the command-line interface CLI of Cisco TelePresence Collaboration Endpoint CE software relates to privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

CVSS 6.8 · AI score 5.9 · EPSS 0.00445
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2019/10/24 12:00 a.m. · 4 views

Cisco TelePresence Collaboration Endpoint Software Elevation of Privilege Vulnerability (CNVD-2019-37411)

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability exists in Cisco TelePresence Collaboration Endpoint CE versions prior to 9.8.1 due to insufficient input validation. An attacker can exploit the vulnerability to be able to execute commands with root privileges by...

CVSS 7.2 · AI score 7.3 · EPSS 0.00445
Exploits 0 · References 1

OSV
added 2019/10/14 2:46 p.m. · 2 views

USN-4154-1 sudo vulnerability

Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user...

CVSS 9 · AI score 7.3 · EPSS 0.63917
Exploits 10 · References 2

OSV
added 2019/10/11 8:15 p.m. · 5 views

CVE-2019-17509

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php...

CVSS 9.8 · AI score 7.6 · EPSS 0.03484
Exploits 1 · References 1

BDU FSTEC
added 2019/10/09 12:00 a.m. · 3 views

The vulnerability of the multi-connection mode of the Microprogrammable Network Interface Device Firepower Threat Defense (FTD) allows an attacker to exit the container for their own instance of FTD and execute arbitrary commands with root privileges.

The vulnerability of the multi-connection mode of the Firepower Threat Defense FTD software relates to security configuration errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges from within the FTD instance...

CVSS 8.2 · AI score 5.9 · EPSS 0.00399
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2019/09/02 12:00 a.m. · 2 views

The vulnerability of the configuration utility in the Cisco IMC software for remote server management, which allows an attacker to execute arbitrary commands with root privileges or cause service interruptions.

The vulnerability of the configuration tool of the Cisco IMC software for remote server management by Cisco Integrated Management Controller arises from an operation that goes beyond the buffer limits in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVSS 9 · AI score 6.3 · EPSS 0.03293
Exploits 0 · References 2