621 matches found
CVE-2024-36445
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication...
CVE-2022-27486
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1...
CVE-2024-41692 Incorrect Access Control Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this...
CVE-2024-41692 Incorrect Access Control Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this...
PT-2024-29513 · Syrotech · Sy-Gpon-1110-Wdont Router
Name of the Vulnerable Software and Affected Versions: SyroTech SY-GPON-1110-WDONT Router affected versions not specified Description: The issue exists due to the presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit...
Exploit for Code Injection in Vmware Cloud_Foundation
CVE-2024-22274 Exploit This repository contains an exploit fo...
Exploit for Code Injection in Vmware Cloud_Foundation
CVE-2024-22274 - Run and input host ip, port, username and p...
Openmediavault Remote Code Execution / Local Privilege Escalation Exploit
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...
CVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...
TRENDnet TEW-827DRU Security Vulnerability
The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A security vulnerability exists in firmware version 2.10B01 of the TRENDnet TEW-827DRU, which stems from the presence of a command injection vulnerability that could allow an attacker to gain root shell privileges via command injection...
PT-2024-20291 · Telefonica · Movistar 4G Router
Name of the Vulnerable Software and Affected Versions: Movistar 4G router version S WLD71-T1 v2.0.201820 Description: The issue concerns an unprotected primary channel on the Movistar 4G router, which has the 'adb' service open on port 5555. This provides access to a shell with root privileges,...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation expl...
Exploit for OS Command Injection in Tp-Link Archer_Vr1600V_Firmware
Archer TP-Link VR1600V Router Local Remote Command Execution E...
Exploit for Path Traversal in Cisco Sd-Wan_Vbond_Orchestrator
CVE-2022-20818: Local Privilege Escalation via Partial File Re...
CVE-2023-44373
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323...
CVE-2023-41255
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB Android Debug Bridge protocol exposed on...
Authentication flaw
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB Android Debug Bridge protocol exposed on...
CVE-2023-41255
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB Android Debug Bridge protocol exposed on...
CVE-2023-41255
CVE-2023-41255 affects the TPC-110W device (Bosch context appears in sources). The issue allows an unprivileged user with subnet access to obtain a root shell by abusing the lack of authentication of the su binary exposed via ADB (Android Debug Bridge). The connected documents provide this core t...