CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
7cfae83fd5939609459b8ed98a7edecfd614eb3c5cd3373d9da412bc106b20d1
CloudLinux CageFS versions 7.1.1-1 and below pass the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.
437f367ac50c53712ae264b28731e8929e461079e8ff05355b97f16fb6c32a55
MOKOSmart MKGW1 Gateway devices with firmware version 1.1.1 or below do not provide adequate session management for the administrative web interface. This allows adjacent attackers with access to the management network to read and modify the configuration of the device.
c694be2f3aeadf3e34a15c75c0c332496dca8eac6b5590d03759fec352bbdae6
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
4cce626d1539e2d1d2f295b036e17ec9f4779d6658a6a91f1e7574c7c10e9d5d
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
e9d45ff879f8d592742af5d9401af535a0057ffab7ca2663e9027078fd59edd6
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
3b891e67dc7f84a78fafd4de519a7224bdb6d898a5ad5c79db67551a91fc0d24