Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable GUI command. An exploit could allow the attacker to execute commands on the underlying BusyBox operating system. These commands are run at the privilege level of the authenticated user. The attacker needs valid device credentials for this attack. Cisco Bug IDs: CSCvg74691.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco D9800 Network Transport Receiver Web management GUI 操作系统命令注入漏洞
Vulnerability Description
Cisco D9800 Network Transport Receiver是美国思科(Cisco)公司的一款提供了硬件配置和下载功能的网络传输接收机。Web management GUI是其中的一个Web管理界面。 Cisco D9800 Network Transport Receiver中的Web management GUI存在操作系统命令注入漏洞,该漏洞源于程序没有充分的验证GUI命令参数。远程攻击者可通过向受影响的GUI命令注入特制的参数利用该漏洞在底层的BusyBox操作系统上执行命令。
CVSS Information
N/A
Vulnerability Type
N/A