Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Netcore NBR200V2 HTTP Header routerd passwd_set command injection
Vulnerability Description
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the argument pwd leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Netcore多款产品 注入漏洞
Vulnerability Description
Netcore NBR1005GPEV2等都是中国磊科(Netcore)公司的产品。Netcore NBR1005GPEV2是一个全千兆多WAN口POE供电企业AP管理多功能有线路由器。Netcore B6V2是一款全千兆无线路由器。Netcore COVER5是一款企业级路由器。 Netcore多款产品存在注入漏洞,该漏洞源于对文件/usr/bin/routerd中参数pwd的错误操作导致命令注入。以下产品及版本受到影响:NBR1005GPEV2、B6V2、COVER5、NAP830、NAP930、NB
CVSS Information
N/A
Vulnerability Type
N/A