Disclosure Date: March 23, 2020 (last updated July 24, 2020)
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.
Disclosure Date: February 28, 2020 (last updated June 05, 2020)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Disclosure Date: March 04, 2020 (last updated June 05, 2020)
Disclosure Date: March 28, 2019 (last updated June 05, 2020)
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications.
Treck IP stack implementations for embedded systems are [affected by multiple vulnerabilities](https://kb.cert.org/vuls/id/257161). This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A [summary of JSOF’s research is here](https://www.jsof-tech.com/ripple20/#ripple-whitepaper), along with a [technical whitepaper](https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf). See the [Rapid7 Analysis tab](https://attackerkb.com/topics/EZhbaWNnwV/ripple20-treck-tcp-ip-stack-vulnerabilities?#rapid7-analysis) for further details.