GenieACS 漏洞列表
共找到 3 个与 GenieACS 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2021-46704: GenieACS => 1.2.8 - OS Command Injection POC
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. -
CVE-2021-46704: GenieACS => 1.2.8 - OS Command Injection POC
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. -
genieacs-default-jwt: GenieACS - Authentication Bypass (Default JWT Secret) POC
GenieACS, an Auto Configuration Server (ACS) for TR-069 enabled routers and similar devices, is vulnerable to authentication bypass due to the use of a default JWT secret. During installation, if the default JWT secret "secret" is not changed, an attacker can create a JWT token, sign it, and use this token to log into the GenieACS UI interface. The attack is carried out by setting a cookie named "genieacs-ui-jwt" with its value being the JWT token.