Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability in the httpd web server (setup.cgi) of SerComm h500s, firmware lowi-h500s-v3.4.22, allows logged-in administrators to execute arbitrary OS commands as root on the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SerComm h500s OS Command Injection Vulnerability
Vulnerability Description
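SerComm h500s is a router device from SerComm, a Chinese company. SerComm h500s version lowi-h500s-v3.4.22 has a security vulnerability that stems from a command injection issue in the httpd web server (setup.cgi). An attacker can exploit this vulnerability to execute arbitrary operating system commands as root on the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.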
CVSS Information
N/A
Vulnerability Type
N/A