Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BYTEVALUE Intelligent Flow Control Router Command Injection
Vulnerability Description
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The `path` parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successful exploitation can lead to writing backdoors, privilege escalation on the host, and full compromise of the router and its management functions. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
BESTWOND Intelligent Flow Control Router 安全漏洞
Vulnerability Description
BESTWOND Intelligent Flow Control Router是中国百为智能(BESTWOND)公司的一款智能流控路由器。 BESTWOND Intelligent Flow Control Router存在安全漏洞,该漏洞源于未正确验证path参数并将其回显到shell环境中,可能导致执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A