RSS   Vulnerabilities for 'Genieacs'   RSS

2022-03-06
 
CVE-2021-46704

CWE-78
 

 
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.

 


Copyright 2024, cxsecurity.com

 

Back to Top