← voltar
CVE-2015-10145

Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh

CVSS 8.7 HIGHEPSS 0.6%◆ VulnCheck KEVCWE-78
Vexday Risk Score
43Atenção
Decisão SSVC (CISA)
Act
Exploração + impacto → ação imediata
CVSS 8.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
31 dez 2025Publicada no NVD
Recomendação: Corrigir o quanto antes — há exploração ativa confirmada.
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N