54 matches found
CVE-2025-71284
Synway SMG Gateway Management Software is affected by an OS command injection in the RADIUS configuration endpoint /en/9-2radius.php. The radius_address POST parameter (and related fields) is split and interpolated directly into a sed command without sanitization, enabling an unauthenticated remo...
Synway SMG Gateway Management Software 操作系统命令注入漏洞
Synway SMG Gateway Management Software is a gateway management software developed by Synway Corporation. This software has a vulnerability related to operating system command injection. The vulnerability stems from the RADIUS configuration endpoint/en/9-2radius.php, where the radiusaddress POST...
CVE-2020-12594
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4...
CVE-2020-12595
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4...
CVE-2025-1448
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
EUVD-2020-4896
Malware in sbrugna...
EUVD-2020-4897
Malware in sbrugna...
EUVD-2025-4756
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-_smg (npm)
The package @zalastax/nolb-smg was found to contain malicious code...
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-5243 Arbitrary File Upload in SMG Software's Information Portal
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-5243
CVE-2025-5243 affects SMG Software Information Portal. Affected versions before 13.06.2025 are vulnerable to unrestricted file upload and improper neutralization of special elements in OS command contexts, enabling code injection and potential upload of a web shell leading to code inclusion. The ...
PT-2025-30665
Name of the Vulnerable Software and Affected Versions SMG Software Information Portal versions prior to 13.06.2025 Description The software contains an unrestricted file upload and improper neutralization of special elements used in an OS command vulnerability, potentially leading to code injecti...
CVE-2025-1448
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
CVE-2025-1448 Synway SMG Gateway Management Software 9-12ping.php command injection
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
CVE-2025-1448 Synway SMG Gateway Management Software 9-12ping.php command injection
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
CVE-2025-1448
CVE-2025-1448 affects Synway SMG Gateway Management Software up to 20250204. The issue is in the handling of the file 9-12ping.php, where the retry parameter can be manipulated to trigger a command-injection vulnerability. Exploitation can be remote; public PoCs exist. Remediation details are lim...
The vulnerability of the Eltex SMG-1016M router’s microprogramming software arises from the lack of measures to neutralize special elements, allowing a intruder to execute arbitrary codes.
The vulnerability of the Eltex SMG-1016M router’s microprogramming software exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary codes...
PT-2024-10545 · Eltex · Eltex Smg-1016M
Name of the Vulnerable Software and Affected Versions: Eltex SMG-1016M affected versions not specified Description: The issue exists due to the lack of measures to neutralize special elements in the Eltex SMG-1016M trunk gateway's firmware. Exploitation of this issue may allow a remote attacker t...