25 matches found
CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...
CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...
CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...
CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...
CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
Panabit PAP-XM320 操作系统命令注入漏洞
Panabit PAP-XM320 is an enterprise-level Internet access behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to V7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the W...
CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...
CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
CVE-2026-36829
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
PT-2026-41949
Name of the Vulnerable Software and Affected Versions Panabit PAP-XM320 versions prior to 7.8 Description A command injection issue exists in the web management interface, which invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper uses the eval...
EUVD-2026-30953
An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based on a user-controlled cookie value without proper sanitization, allowing directory traversal and...
Panabit PAP-XM320 路径遍历漏洞
Panabit PAP-XM320 is an enterprise-level network traffic management and bandwidth control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a path traversal vulnerability. This vulnerability stems from the use of a file system existence check bas...
CVE-2026-36827
The vulnerability CVE-2026-36827 affects Panabit PAP-XM320 (up to v7.7). The web management interface calls /usr/sbin/pappiw with user-controlled inputs and uses unsafe eval for argument processing, enabling command injection. An authenticated remote attacker with access to the management UI coul...
CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...
CVE-2026-36828
A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...
Panabit PAP-XM320 操作系统命令注入漏洞
Panabit PAP-XM320 is an enterprise-level Internet behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the...
CVE-2026-36829
CVE-2026-36829 affects Panabit PAP-XM320 (up to v7.7). The embedded HTTP server authenticates via a cookie-based value checked against the filesystem, using a user-controlled cookie without proper sanitization. This leads to a directory traversal scenario and authentication bypass, enabling bypas...
CVE-2026-36827
A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...