Zzcentury

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** A command injection flaw in the web-based management interface allows an authenticated remote attacker to place arbitrary files on the underlying filesystem of the device. Command injection is a type of attack where an attacker executes arbitrary operating system commands on a server by exploiting a vulnerability in an application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the command line interface (CLI) service accessed via the PAPI protocol. An authenticated remote attacker can exploit these issues to execute arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the command line interface (CLI) service accessed via the PAPI protocol. An authenticated remote attacker can exploit these issues to execute arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** SQL injection flaws exist in multiple service components accessible via the command-line interface and management protocol. An authenticated attacker with administrative privileges can exploit these issues by providing crafted input into parameters passed unsanitized to backend database queries. This could lead to the execution of arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the web-based management interface of the operating systems. An authenticated remote attacker can exploit these issues to execute arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-10 Gateway (affected versions not specified) **Description** A flaw in the web-based management interface allows an authenticated remote attacker to access sensitive files on the underlying operating system. This could lead to the disclosure of confidential system information, which may facilitate further attacks against the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** SQL injection flaws exist in multiple service components accessible via the command-line interface and management protocol. An authenticated attacker with administrative privileges can exploit these by injecting crafted input into parameters passed unsanitized to backend database queries. This could lead to the execution of arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the web-based management interface. An authenticated remote attacker can exploit these issues to execute arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Stack-based buffer overflow issues exist in several underlying management service components accessed through the command-line interface. An authenticated attacker with administrative privileges can exploit these by sending specially crafted requests to the affected services, potentially leading to arbitrary code execution with elevated privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Stack-based buffer overflow issues exist in several underlying management service components accessed through the command-line interface. An authenticated attacker with administrative privileges can exploit these by sending specially crafted requests to the affected services, potentially leading to arbitrary code execution with elevated privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** SQL injection flaws exist in several underlying service components accessible via the command-line interface and management protocol. An authenticated attacker with administrative privileges can exploit these issues by injecting crafted input into parameters passed unsanitized to backend database queries. This could lead to the execution of arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** SQL injection flaws exist in several underlying service components accessible via the command-line interface and management protocol. An authenticated attacker with administrative privileges can exploit these issues by injecting crafted input into parameters passed unsanitized to backend database queries. This could lead to the execution of arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the web-based management interface of the operating systems. An authenticated remote attacker can exploit these issues to execute arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** SQL injection flaws exist in multiple underlying service components accessible via the command-line interface and management protocol. An authenticated attacker with administrative privileges can exploit these issues by injecting crafted input into parameters passed unsanitized to backend database queries. This could lead to the execution of arbitrary commands on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** An authenticated remote code execution issue exists in the web-based management interface. Improper input validation in the file path parameter within the certificate download functionality allows an authenticated remote attacker to overwrite arbitrary files on the underlying operating system. This can lead to the execution of arbitrary commands as a privileged user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Stack-based buffer overflow issues exist in several underlying management service components accessed through the command-line interface. An authenticated attacker with administrative privileges can exploit these by sending specially crafted requests to the affected services, potentially leading to arbitrary code execution with elevated privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Stack-based buffer overflow issues exist in several underlying management service components accessed through the command-line interface. An authenticated attacker with administrative privileges can exploit these by sending specially crafted requests to the affected services, potentially leading to arbitrary code execution with elevated privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Command injection flaws exist in the web-based management interface. An authenticated remote attacker could exploit these issues to upload arbitrary files to the underlying operating system, which may lead to remote code execution with privileged permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 (affected versions not specified) AOS-10 (affected versions not specified) **Description** Stack-based buffer overflow issues exist in several underlying management service components accessed through the command-line interface. An authenticated attacker with administrative privileges can exploit these by sending specially crafted requests to the affected services, potentially leading to arbitrary code execution with elevated privileges on the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AOS-8 operating system (affected versions not specified) **Description** The web-based management interface of mobility conductors contains command injection flaws. A successful exploit by an authenticated attacker could allow arbitrary command execution as a privileged user on the operating system. The vulnerability resides within the web-based management interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.