40 matches found
EUVD-2018-1257
Malware in sbrugna...
EUVD-2018-1169
Malware in sbrugna...
EUVD-2017-12976
Malware in sbrugna...
EUVD-2018-1170
Malware in sbrugna...
EUVD-2025-14029
Malicious code in bioql PyPI...
CVE-2025-0505
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505
Arista CloudVision ZTP privilege escalation (CVE-2025-0505) affects on-prem CloudVision Portal/CUE; ZTP can grant admin privileges beyond what’s necessary, enabling querying/manipulation of managed devices. CloudVision as-a-Service is not affected. On-premise CloudVision Portal versions listed in...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
PT-2025-20408 · Arista · Arista Cloudvision
Name of the Vulnerable Software and Affected Versions: Arista CloudVision affected versions not specified Description: The issue allows an attacker to gain admin privileges on the CloudVision system using Zero Touch Provisioning, with more permissions than necessary. This can be used to query or...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 A OS Command Injection Vulnerability in the CGI...
Zyxel Firewall ZTP Unauthenticated Command Injection Exploit
This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning ZTP support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler...
Zyxel Firewall ZTP Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...
Zyxel Firewall ZTP Unauthenticated Command Injection
This module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning ZTP support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an...
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...
VulnCheck KEV: CVE-2020-1631
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...
CVE-2018-0434
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...
Design/Logic Flaw
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...