Known Exploited Vulnerabilities Command Execution Capability Group

This vulnerability is exploited by a remote attacker who leverages a command injection flaw in Apache RocketMQ versions 5.1 and lower. By using the update configuration function, the adversary can execute commands as the system user under which RocketMQ is running. This lack of permission verification in components like NameServer, Broker, and Controller, which are exposed on the extranet, allows for remote command execution. Additionally, attackers can forge RocketMQ protocol content to achieve the same effect. Since at least June 2023, threat actors have actively exploited this vulnerability to gain initial access and deploy the DreamBus botnet, a Linux-based malware.

This vulnerability is exploited by a remote attacker who leverages a command injection flaw in Apache RocketMQ versions 5.1 and lower. By using the update configuration function, the adversary can execute commands as the system user under which RocketMQ is running. This lack of permission verification in components like NameServer, Broker, and Controller, which are exposed on the extranet, allows for remote command execution. Additionally, attackers can forge RocketMQ protocol content to achieve the same effect. Since at least June 2023, threat actors have actively exploited this vulnerability to gain initial access and deploy the DreamBus botnet, a Linux-based malware.

This vulnerability is exploited by a remote attacker who leverages a command injection flaw in Apache RocketMQ versions 5.1 and lower. By using the update configuration function, the adversary can execute commands as the system user under which RocketMQ is running. This lack of permission verification in components like NameServer, Broker, and Controller, which are exposed on the extranet, allows for remote command execution. Additionally, attackers can forge RocketMQ protocol content to achieve the same effect. Since at least June 2023, threat actors have actively exploited this vulnerability to gain initial access and deploy the DreamBus botnet, a Linux-based malware.

CVE 2021-42237related to a remote code execution vulnerability through insecure deserialization.

Due to improper input sanitization, the web interface of the Edimax IC-7100 contains a vulnerability that allows for a user to send a crafted HTTP request containing a malicious command(s), which the camera's OS can be forced to execute.

Zyxel CPE devices contain a Telnet interface that fails to properly sanitize input containing special characters, which facilitates code execution that can lead to data exfiltration, network infiltration, and total system compromise.

Zyxel CPE devices contain a Telnet interface that fails to properly sanitize input containing special characters, which facilitates code execution that can lead to data exfiltration, network infiltration, and total system compromise.

Zyxel CPE contain an HTTP-based vulnerability that facilitates code execution that can lead to data exfiltration, network infiltration, and total system compromise. No public proof-of-concept exists for this exploit, and Zyxel has no intention of patching the vulnerability since the devices affected are end-of-life.

Zyxel CPE contain an HTTP-based vulnerability that facilitates code execution that can lead to data exfiltration, network infiltration, and total system compromise. No public proof-of-concept exists for this exploit, and Zyxel has no intention of patching the vulnerability since the devices affected are end-of-life.