PT-2025-25173 · Archify · Archify
Name of the Vulnerable Software and Affected Versions: Archify (affected versions not specified). Description: The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations...
CVE-2024-39345
AdTran 834-5 HDC17600021F1 SmartOS 11.1.1.1 devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. All of the device's internet interfaces share a similar MAC address that only varies in their final...
CVE-2024-41308
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system...
CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code...
CVE-2024-53940
An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...
MSP360 Backup insecure filesystem permissions
RISK EVALUATION MSP360 Backup is a data backup and recovery solution. An insecure default permissions vulnerability allows a lower privileged user to execute commands with root level privileges in the 'Online Backup' folder. An attacker could exploit this vulnerability to obtain user...
Cisco Small Business RV Series Routers Command Injection Vulnerability
Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data...
CVE-2024-53942
An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device with root-level permissions via...
CVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
CVE-2024-40709
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level...
The vulnerability of SimpleHelp’s software for remote support lies in the insecure management of privileges, allowing a perpetrator to escalate their privileges.
The vulnerability of SimpleHelp’s software for remote support is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the root level...
The vulnerability of Dell PowerScale InsightIQ software for performance monitoring and reporting, related to context switching errors during privilege escalation, allows a perpetrator to elevate their privileges to the root level.
The vulnerability of the Dell PowerScale InsightIQ software for performance monitoring and reporting is related to context switching privilege errors. Exploiting this vulnerability could allow an attacker to elevate their privileges to the root level...
CVE-2024-48122
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges...
CVE-2024-22461
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system...
CVE-2024-22461
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS command injection vulnerability due to improper input validation. A low-privilege remote attacker could execute arbitrary commands as root, potentially compromising the entire system. Mitigation: apply Dell security update referenced as ...
CVE-2024-53937
An issue was discovered on Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. This allows attackers to execute arbitrary commands with root-level permissions...
CVE-2024-53939
An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. The /cgi-bin/luci/admin/opsw/Dualfrequnapple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on t...