漏洞描述
Aerohive HiveOS是美国艾诺威(Aerohive)公司的一套用于无线接入器和路由器中的操作系统。NetConfig 是Aerohive/Extreme Networks HiveOS 管理网络界面。 Aerohive HiveOS 的 WEB 控制台在10.0r8a及之前的版本中存在未授权的本地文件包含,攻击者可利用漏洞获取敏感信息,甚至获取一个以root权限运行的webshell,来接管服务器。
Aerohive NetConfig 10.0r8a 命令执行漏洞(CVE-2020-16152)
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-52163: Digiever DS-2105 Pro - Command Injection
- POC CVE-2025-4210: Casdoor - Authorization Bypass
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2018-10245: AWStats <= 7.5 - Full Path Disclosure
- POC CVE-2022-1029: Limit Login Attempts - Stored Cross-Site Scripting
- POC CVE-2022-4940: WCFM Membership <= 2.10.0 - Broken Access Control
- (CVE-2025-15010)腾达WH450 1.0.0.18 /goform/SafeUrlFilter栈缓冲区溢出漏洞
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
- (CVE-2025-56107)Ruijie RG-BCR RG-BCR600W OS命令注入漏洞
- POC CVE-2022-31101: Prestashop Blockwishlist 2.1.0 SQL Injection
- POC CVE-2023-3277: MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation