CVE-2024-53940
CVE-2024-53940 affects Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933; hardware 1.0). Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection; crafted payloads in parameters meant for the ping utility can lead to arbitrary command execution at root. Exploitation is ...
CVE-2024-53939
An issue was discovered in Victure RX1800 WiFi 6 Router software EN_V1.0.0_r12_110933, hardware 1.0 devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on t...
CVE-2024-53937
Affects Victure RX1800 WiFi 6 Router (EN_V1.0.0_r12_110933, hardware 1.0). TELNET is enabled by default with admin/admin credentials and exposed over the LAN, allowing attackers to execute arbitrary commands with root-level permissions. The TELNET password is dictated by the current GUI password,...
CVE-2024-53939
CVE-2024-53939 affects Victure RX1800 WiFi 6 Router (EN_V1.0.0_r12_110933, hardware 1.0). The endpoint /cgi-bin/luci/admin/opsw/Dual_freq_un_apple is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, enabling an attacker to execute arbitrary commands with root-level permi...
CVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
CVE-2022-20652
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
CVE-2022-20649 Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
CVE-2022-20652 Cisco Tetration Command Injection Vulnerability
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (cisco-sa-asa-ssh-rce-gRAuPEUF)
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
CVE-2024-45242
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2c1.9.51 allow blind OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credential...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Security Vulnerability
Cisco Adaptive Security Appliance (ASA) is a comprehensive network security appliance developed by Cisco that provides firewall, VPN, IPS, and other security features. It supports both physical and virtual deployments and can adapt to the security needs of networks of different sizes. A remote...
CVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them...