Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RESI Gemini-Net 操作系统命令注入漏洞
Vulnerability Description
RESI Gemini-Net是意大利RESI公司的一种用于通信网络和服务的主动和被动监控的技术。 RESI Gemini-Net 4.2版本存在操作系统命令注入漏洞,该漏洞源于缺乏对用户输入的验证。攻击者利用该漏洞绕过软件预期的语法并以user的权限注入任意系统命令。
CVSS Information
N/A
Vulnerability Type
N/A