CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-40740 – Realtek GPON router - Command Injection
https://notcve.org/view.php?id=CVE-2022-40740
03 Jan 2023 — Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. • https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27372
https://notcve.org/view.php?id=CVE-2021-27372
25 Mar 2021 — Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands. Realtek xPON RTL9601D SDK versión 1.9, almacena las contraseñas en texto plano, lo que puede permitir que atacantes posiblemente consigan acceso al dispositivo con permisos root por medio de la herramienta de monitoreo de red incorporada y ejecutar comandos arbitrarios. • https://www.realtek.com/images/safe-report/RTL9601D_CVE-2021-27372.pdf • CWE-522: Insufficiently Protected Credentials •