Lucene search

21 matches found

OSV
added 2026/05/25 3:29 p.m. · 4 views

MAL-2026-4744 Malicious code in cch-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af simpleagent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chatflowquickmode=True. In quick mo...

AI score 5.8
Exploits: 0 · References: 2

OSSF Malicious Packages
added 2026/05/25 3:29 p.m. · 9 views

Malicious code in cch-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af simpleagent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chatflowquickmode=True. In quick mo...

AI score 5.8
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 9:15 a.m. · 2 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 6.7 · AI score 6.9 · EPSS 0.00052
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-40958

Malicious code in bioql PyPI...

CVSS 6.7 · AI score 6.7 · EPSS 0.00052
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/11 8:21 a.m. · 2 views

CVE-2025-26412 Undocumented Root Shell Access in SIMCom SIM7600G Modem

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

AI score 7.5 · EPSS 0.00127
Exploits: 1 · References: 1

OSV
added 2022/11/02 12:15 p.m. · 0 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 6.7 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2022/11/02 12:15 p.m. · 14 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 6.7 · EPSS 0.00052
Exploits: 0 · References: 1

ATTACKERKB
added 2022/11/02 12:15 p.m. · 1 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 6.7 · AI score 6.7 · EPSS 0.00052
Exploits: 0 · References: 2

Prion
added 2022/11/02 12:15 p.m. · 12 views

Command injection

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 4 · AI score 6.3 · EPSS 0.00052
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/11/02 12:00 a.m. · 12 views

CVE-2022-38372

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 6.7 · AI score 6.7 · EPSS 0.00052
Exploits: 0 · References: 1

Positive Technologies
added 2022/11/02 12:00 a.m. · 3 views

PT-2022-24395 · Fortinet · Fortitester Cli

Name of the Vulnerable Software and Affected Versions: FortiTester CLI versions 2.3.0 through 3.9.1 FortiTester CLI versions 4.0.0 through 4.2.0 FortiTester CLI versions 7.0.0 through 7.1.0 Description: A hidden functionality issue may allow a local, privileged user to obtain a root shell on the...

CVSS 6.7 · AI score 6.3 · EPSS 0.00052
Exploits: 0 · References: 2

CVE
added 2022/11/02 12:00 a.m. · 61 views

CVE-2022-38372

FortiTester CLI contains a hidden functionality vulnerability (CWE-1242) that can allow a local, privileged user to obtain a root shell via an undocumented command. Affected versions are FortiTester CLI 2.3.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0. Red Hat and other sources reference the same issue,...

CVSS 6.7 · AI score 6.3 · EPSS 0.00052
Exploits: 0 · References: 1 · Affected Software: 1

Fortinet
added 2022/11/01 12:00 a.m. · 39 views

FortiTester - Undocumented shell command

A hidden functionality vulnerability CWE-1242 in FortiTester CLI may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

CVSS 4 · AI score 6.3 · EPSS 0.00052
Exploits: 0 · Affected Software: 1

Cvelist
added 2022/09/08 7:10 a.m. · 15 views

CVE-2022-34869

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...

AI score 9.2 · EPSS 0.00835
Exploits: 0 · References: 2

CVE
added 2022/09/08 7:10 a.m. · 51 views

CVE-2022-34869

The CVE-2022-34869 issue affects CentreCOM AR260S V2 firmware before 3.3.7. A vulnerability exists in an undocumented hidden command accessible via the telnet function, which an authenticated remote attacker can use to execute arbitrary OS commands. The vulnerability is confirmed across multiple ...

CVSS 8.8 · AI score 8.9 · EPSS 0.00835
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2019/03/26 1:29 a.m. · 14 views

Format string

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the user controlled shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses...

CVSS 5 · AI score 7.5 · EPSS 0.00322
Exploits: 2 · References: 2 · Affected Software: 1

OSV
added 2018/10/10 6:29 p.m. · 0 views

CVE-2018-0052

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...

CVSS 8.1 · AI score 5.8
Exploits: 0 · References: 2

ATTACKERKB
added 2018/10/10 6:29 p.m. · 2 views

Junos OS: Unauthenticated remote root access possible when RSH service is enabled

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...

CVSS 9.3 · AI score 5.7 · EPSS 0.08504
Exploits: 0 · References: 3 · Affected Software: 1

securityvulns
added 2015/08/24 12:00 a.m. · 45 views

Apache ActiveMQ DoS

Undocumented shutdown command...

CVSS 5 · AI score 2.8 · EPSS 0.40735
Exploits: 0 · References: 1 · Affected Software: 1

0day.today
added 2015/07/08 12:00 a.m. · 126 views

Grandstream GXV3275 SSH Key / Command Execution Vulnerability

Grandstream GXV3275 ships with a default root SSH key which could be used as a backdoor. It also suffers from an issue where restricted commands can be leveraged to break out into a full shell. The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this...

AI score 7
Exploits: 0