PT-2025-1294 · Unknown · Stealthone D220+2

Chuya Hayakawa

Publicado

2025-01-06

Atualizado

2025-01-14

CVE-2025-20016

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions STEALTHONE D220/D340/D440 (affected versions not specified)

Description A user with administrative privileges who logs in to the web management page of the affected product may execute an arbitrary OS command. The vulnerability is related to the lack of measures to neutralize special elements used in the OS command. This could allow a remote attacker to execute arbitrary commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

BDU:2025-00766

CVE-2025-20016

Produtos afetados

Stealthone D220

Stealthone D340

Stealthone D440

PT-2025-1294 · Unknown · Stealthone D220+2

CVE-2025-20016

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9