CVE-2020-29574
https://notcve.org/view.php?id=CVE-2020-29574
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
• https://www.bleepingcomputer.com/news/security/sophos-fixes-sql-injection-vulnerability-in-their-cyberoam-os
• https://www.cyberoam.com/ngfw.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-17059
https://notcve.org/view.php?id=CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.
• https://community.sophos.com/kb/en-us/134732
• https://community.sophos.com/products/cyberoamos
• https://thebestvpn.com/cyberoam-preauth-rce
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-6811 – Cyberoam Firewall CR500iNG-XP 10.6.2 MR-1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2015-6811
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
• https://www.exploit-db.com/exploits/38034
• http://packetstormsecurity.com/files/133378/Cyberoam-CR500iNG-XP-10.6.2-MR-1-Blind-SQL-Injection.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')