PT-2026-25903 · Perle · Perle Iolan Sts/Scs

Vulncheck · Published 2026-03-17 · Updated 2026-05-01 · CVE-2026-23759

CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Perle IOLAN STS/SCS versions prior to 6.0

Description: Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated operating system command injection through the restricted shell accessible via Telnet or SSH. The 'ps' command within the shell does not properly sanitize its arguments and passes user-supplied parameters to an 'sh -c' invocation that runs with root privileges. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary operating system commands with root privileges, potentially leading to a full compromise of the underlying operating system.

Recommendations: Update Perle IOLAN STS/SCS firmware to version 6.0 or later.
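
The unsafe pattern from the description beside a hardened form, as an added example (not Perle's firmware code). The function names, the argument allowlist, the limit of 8 arguments and the `/bin/ps` path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_PS_ARGS 8

/* Pattern the advisory describes, for contrast only (never called here):
 * a root shell parses the operator's text, so ';' or '|' starts a new command. */
int ps_via_shell(const char *user_args) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ps %s", user_args);
    return execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
}

/* Allowlist (assumed policy): letters, digits, '-' and ',' only, max 16 chars. */
int ps_arg_ok(const char *arg) {
    size_t n = strlen(arg);
    return n > 0 && n <= 16 && strspn(arg, "-,0123456789"
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") == n;
}

/* Splits line in place into argv; returns argc, or -1 if any token is rejected. */
int build_ps_argv(char *line, char *argv[MAX_PS_ARGS + 2]) {
    int argc = 0;
    argv[argc++] = "ps";
    for (char *tok = strtok(line, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (argc > MAX_PS_ARGS || !ps_arg_ok(tok)) return -1;
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    return argc;
}

/* Hardened form: validated argv handed straight to execv, no shell involved. */
int run_ps(char *line) {
    char *argv[MAX_PS_ARGS + 2];
    if (build_ps_argv(line, argv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv("/bin/ps", argv); _exit(127); } /* path is an assumption */
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char bad[] = "-e;echo injected";            /* constructed input */
    return run_ps(bad) == -1 ? 0 : 1;           /* rejected before any exec */
}
```

Because the arguments reach `ps` as separate argv entries, a token that slipped past the allowlist would still be treated as data by `ps` rather than parsed by a shell.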

Weakness Enumeration: OS Command Injection
Related Identifiers: CVE-2026-23759
Affected Products: Perle Iolan Sts/Scs