漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
A command injection vulnerability was found in the PPTP VPN Clients on the ADM
Vulnerability Description
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ASUSTOR ADM 安全漏洞
Vulnerability Description
ASUSTOR ADM是中国华芸科技(ASUSTOR)公司的一种所有 ASUSTOR NAS 设备的专用操作系统。 ASUSTOR ADM 4.1.0至4.3.3.RR42版本和5.0.0至5.1.2.REO1版本存在安全漏洞,该漏洞源于PPTP VPN客户端对用户输入验证不足,可能导致管理用户突破受限Web环境并在底层操作系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A