Asterisk AMI Originate Authenticated Remote Code Execution Exploit

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Writing a new extension can be created which performs a system command to...

Asterisk AMI Originate Authenticated RCE

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to...

PT-2024-34567 · Totolink · Totolink-Cx-N150Rt +3

Name of the Vulnerable Software and Affected Versions: TOTOLINK-CX-A3002RU version 1.0.4-B20171106.1512 TOTOLINK-CX-N150RT version 2.1.6-B20171121.1002 TOTOLINK-CX-N300RT versions 2.1.6-B20170724.1420 through 2.1.8-B20191010.1107 TOTOLINK-CX-N302RE version 2.0.2-B20170511.1523 Description: A...

CVE-2024-50366

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

CVE-2024-50364

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

mySCADA myPRO 操作系统命令注入漏洞

mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to inject arbitrary operating system commands...

GHSA-49CC-XRJF-9QF7 SFTPGo allows administrators to restrict command execution from the EventManager

Impact One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a...

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

PT-2024-22222 · Unknown · Mc Lr Router

Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system OS commands on an affected device by...

PT-2024-8173 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C modem affected versions not specified Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a...

PT-2024-16432 · Idexpert · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert versions up to 2.8 Description: The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be...

Siemens InterMesh 7177和Siemens InterMesh 7707 访问控制错误漏洞

InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices due to a web server in the affected devices that does not authenticate a GET request that executes a specifi...

Microchip TimeProvider 4100 操作系统命令注入漏洞

Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in the Microchip TimeProvider 4100 prior to version 2.4.7 that stems from improper neutralization of special elements of operating system commands, resulting in OS command injection...

CVE-2024-46329

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object...

PT-2024-7556 · Ptzoptics · Ptzoptics Pt30X-Sdi/Ndi Cameras

Name of the Vulnerable Software and Affected Versions: PTZOptics PT30X-SDI/NDI Cameras versions prior to firmware 6.3.40 Description: The issue is related to an OS command injection problem. The camera does not sufficiently validate the ntp addr configuration value, which may lead to arbitrary...

Shanshi Netcom WAF Command Execution Vulnerability

Web Application Firewall WAF is a professional and intelligent Web application security protection product, which comprehensively applies intelligent analysis and semantic analysis technology in Web asset discovery, vulnerability assessment, traffic learning, threat localization, etc., to help...

CVE-2024-8075

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about thi...

PT-2024-10766 · Unknown · Ca Privileged Access Manager

Name of the Vulnerable Software and Affected Versions: Privileged Access Manager versions prior to 3.7.0.1 Description: The issue allows an SSH authenticated user to execute an OS command and gain full system access using bash when accessing the PAM server. Recommendations: For versions prior to...

ROS-20240816-11

A vulnerability in the procopen function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used by the operating system. to neutralize special elements used in the operating system command. Exploitation exploitation of the...