CVE Disclosures
Parameter injection in WhoDB database connection strings
WhoDB is vulnerable to parameter injection in database connection strings, allowing attackers to inject arbitrary parameters and read local files through MySQL's allowAllFiles parameter.
Path traversal vulnerability in WhoDB SQLite database access
Path traversal vulnerability in WhoDB allowing unauthenticated attackers to open and read any SQLite3 database on the host system by bypassing directory restrictions through ../ sequences.
Container mount abuse in MikroTik RouterOS for code execution
Symlink resolution flaws in RouterOS container mount points allow attackers to mount arbitrary directories and execute code on the host device by abusing symbolic links as mount portals.
Command injection via AT commands on Quectel RG500Q-EA 5G modem
Command injection vulnerability in the AT+QFOTADL command handler on Quectel RG500Q-EA modems, allowing root code execution through unsanitized user input in OTA download procedures.
File inclusion vulnerability in Nim's reStructuredText processor
Despite documentation claiming include directives are disabled in online environments, Nim's rstToHtml procedure allows local file inclusion through both standard include directives and the undocumented code-block file parameter.
Command injection via AT commands on Quectel EG25-G modem
Command injection vulnerability in the AT+QFUMOCFG command parser on Quectel EG25-G modems (including PinePhone), allowing root code execution through unsanitized user input.
Unsafe firewall includes allowing remote code execution on IOPSYS
Authenticated users can abuse firewall include configuration options to execute arbitrary scripts as root by injecting malicious dhcp-script and conf-script directives into firewall configuration.
Privilege escalation via Samba configuration manipulation on IOPSYS
Multiple safe features combine to allow filesystem read-write access and root shell on IOPSYS devices by manipulating Samba configuration files through /tmp write access and symlink resolution.
Privilege escalation via p910nd printer daemon configuration abuse
Authenticated users can modify p910nd printer daemon configuration to point to arbitrary files for read/write access as root, leading to information disclosure and remote code execution.
Remote code execution via DHCP daemon configuration in IOPSYS
Authenticated attackers can modify odhcpd configuration to execute arbitrary commands as root by manipulating the leasetrigger parameter combined with Samba share file uploads.
ACL misconfiguration leading to root access on Inteno routers
Misconfigured Access Control Lists allow authenticated users to read arbitrary files, write SSH keys, and gain root access through the file and router.dropbear ubus calls.