CVE-2015-10145

CVSS v4.0

8.7

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Gargoyle router management utility versions 1.5.x

Description The application does not properly restrict or validate input provided through the

commands

parameter, leading to authenticated OS command execution. This occurs in the /utility/run commands.sh script. Successful exploitation could lead to a full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2015-10145

Affected Products

Gargoyle Router

CVE-2015-10145

Weakness Enumeration

Related Identifiers

Affected Products

References · 8