Tags → #command injection

Critical Vulnerability Identified in Attended SysUpgrade Server

A critical security advisory has been issued for the OpenWrt Attended SysUpgrade server, highlighting a vulnerability (CVE-2024-54143) that could allow command injection attacks due to a truncated SHA-256 hash.
Security Vulnerabilities Identified in OpenWrt Firmware Process

Investigations have revealed significant security vulnerabilities in the OpenWrt firmware upgrade process, including command injection and SHA-256 collision flaws, which could potentially allow attackers to compromise user devices.
Critical Command Injection Vulnerability Found in Kemp LoadMaster

A critical Command Injection vulnerability has been identified in Kemp's LoadMaster Load Balancer, affecting all versions up to 7.2.60.0 and allowing for remote exploitation without authentication.
Security Vulnerability Discovered in TL-WR841N Router

A recent analysis has revealed a command injection vulnerability in early versions of the TL-WR841N router, allowing authenticated attackers to execute arbitrary commands through its diagnostics webpage.
D-Link NAS Devices Found Vulnerable to Command Injection

A command injection vulnerability has been discovered in certain D-Link Network Attached Storage devices, potentially affecting over 61,000 units connected to the Internet.