Skip to main content
CVE-2018-17532 CRITICAL POC THREAT Act Now

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rut900 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
71.3%
CVE-2018-15540 CRITICAL POC Act Now

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cockpit
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-18322 CRITICAL POC THREAT Act Now

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Webpanel
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
15.1%
CVE-2018-18320 CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +11
NVD GitHub
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-18319 CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Rt Ac5300 Firmware Rt Ac1900P Firmware +12
NVD GitHub
CVSS 3.0
9.8
EPSS
5.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy