BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability

BEC Technologies Multiple Routers sys ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of BEC Technologies Multiple Routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the management interface, which listens on TCP port 22 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25903.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

BEC Routers 操作系统命令注入漏洞

BEC Routers是美国BEC公司的一系列路由器。 BEC Routers存在操作系统命令注入漏洞，该漏洞源于管理接口未正确验证用户输入，可能导致远程代码执行。

N/A

N/A