CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-10043

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile2.98th
Published2017年1月31日
Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user).

Affected Platforms (CPE)

📦
Mrf

Web Panel

= 9.0.1

References & Advisories

🔗 https://www.exploit-db.com/exploits/41179/
🔗 https://www.exploit-db.com/exploits/41179/

関連する脆弱性情報

CVE-2011-450910.0

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panel...

CVE-2011-451310.0

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels S...

CVE-2008-459210.0

Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbi...

CVE-2018-88989.8

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer=...