Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Netgate pfSense CE 命令注入漏洞
Vulnerability Description
Netgate pfSense CE是美国Netgate公司的一套免费开源的基于FreeBSD的防火墙和路由器软件。 Netgate pfSense CE 2.4.4-RELEASE版本中的‘powerd_normal_mode’参数存在命令注入漏洞。攻击者可通过向管理Web接口发送POST请求利用该漏洞在系统上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A