CWE-489
AllowedActive Debug Code
Abstraction: Base · Status: Draft
The product is released with debugging code still enabled or active.
141 vulnerabilities reference this CWE, most recent first.
GHSA-RXHH-C759-8W6X
Vulnerability from github – Published: 2025-03-28 18:33 – Updated: 2025-03-28 18:33A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-2919"
],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T18:15:17Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-rxhh-c759-8w6x",
"modified": "2025-03-28T18:33:37Z",
"published": "2025-03-28T18:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2919"
},
{
"type": "WEB",
"url": "https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.301894"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.301894"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.521036"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-V3GR-MCR8-2WV5
Vulnerability from github – Published: 2024-12-23 03:30 – Updated: 2024-12-23 03:30Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.
{
"affected": [],
"aliases": [
"CVE-2024-46873"
],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-23T01:15:07Z",
"severity": "CRITICAL"
},
"details": "Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.",
"id": "GHSA-v3gr-mcr8-2wv5",
"modified": "2024-12-23T03:30:47Z",
"published": "2024-12-23T03:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46873"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN61635834"
},
{
"type": "WEB",
"url": "https://k-tai.sharp.co.jp/support/info/info083.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V532-7C4X-249V
Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-11-03 18:31A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API.
Affected Products: UniFi Talk Touch (Version 1.21.16 and earlier) UniFi Talk Touch Max (Version 2.21.22 and earlier) UniFi Talk G3 Phones (Version 3.21.26 and earlier)
Mitigation: Update the UniFi Talk Touch to Version 1.21.17 or later. Update the UniFi Talk Touch Max to Version 2.21.23 or later. Update the UniFi Talk G3 Phones to Version 3.21.27 or later.
{
"affected": [],
"aliases": [
"CVE-2025-52663"
],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-31T00:15:36Z",
"severity": "HIGH"
},
"details": "A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API.\n\n\nAffected Products:\nUniFi Talk Touch (Version 1.21.16 and earlier) \nUniFi Talk Touch Max (Version 2.21.22 and earlier) \nUniFi Talk G3 Phones (Version 3.21.26 and earlier) \n \nMitigation:\nUpdate the UniFi Talk Touch to Version 1.21.17 or later.\nUpdate the UniFi Talk Touch Max to Version 2.21.23 or later.\nUpdate the UniFi Talk G3 Phones to Version 3.21.27 or later.",
"id": "GHSA-v532-7c4x-249v",
"modified": "2025-11-03T18:31:51Z",
"published": "2025-10-31T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52663"
},
{
"type": "WEB",
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-055-055/9b65527b-489c-4f16-ac34-2b887754db1e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VFJ7-WC6M-2F4V
Vulnerability from github – Published: 2024-11-12 06:30 – Updated: 2024-11-12 06:30Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .
{
"affected": [],
"aliases": [
"CVE-2024-29075"
],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T06:15:03Z",
"severity": "MODERATE"
},
"details": "Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .",
"id": "GHSA-vfj7-wc6m-2f4v",
"modified": "2024-11-12T06:30:34Z",
"published": "2024-11-12T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29075"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU90676195"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VG9H-JX4V-CWX2
Vulnerability from github – Published: 2026-01-29 15:32 – Updated: 2026-01-29 15:32Summary
The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.run(debug=...), so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default.
Details
unfurl/app.py:web_app()readsdebugviaconfig['UNFURL_APP'].get('debug'), which returns a string.UnfurlApp.__init__passes that string directly toapp.run(debug=unfurl_debug, ...).- If
unfurl.iniomitsdebug, the default argument is the string"True". - As a result, debug mode is effectively always on and cannot be reliably disabled via config.
PoC
- Create a local
unfurl.iniwithdebug = Falseunder[UNFURL_APP]. - Run the server using
unfurl_app(orpython -c 'from unfurl.app import web_app; web_app()'). - Observe server logs showing
Debug mode: on/Debugger is active!. - The included PoC script
security_poc/poc_debug_mode.py --spawnautomates this check.
PoC Script (inline)
#!/usr/bin/env python3
"""
Unfurl Debug Mode PoC (Corrected)
================================
This PoC demonstrates that Unfurl's Flask debug mode is effectively
**always enabled by default** due to string parsing of the `debug`
config value. Even `debug = False` in `unfurl.ini` evaluates truthy
when passed to `app.run(debug=...)`.
Two modes:
1) --spawn (default): launch a local Unfurl server with debug=False
in a temp config and inspect logs for "Debug mode: on".
2) --target: attempt a remote indicator check (best-effort; may be silent
if no exception is triggered).
"""
import argparse
import os
import subprocess
import sys
import tempfile
import textwrap
import time
def run_spawn_check() -> None:
repo_root = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
ini_contents = textwrap.dedent("""
[UNFURL_APP]
host = 127.0.0.1
port = 5055
debug = False
remote_lookups = false
[API_KEYS]
bitly =
macaddress_io =
""").strip() + "\n"
with tempfile.TemporaryDirectory() as tmp:
ini_path = os.path.join(tmp, 'unfurl.ini')
with open(ini_path, 'w') as f:
f.write(ini_contents)
env = os.environ.copy()
env['PYTHONPATH'] = repo_root
cmd = [sys.executable, '-c', 'from unfurl.app import web_app; web_app()']
proc = subprocess.Popen(
cmd,
cwd=tmp,
env=env,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
# Allow server to start and emit logs
time.sleep(2)
proc.terminate()
try:
out, err = proc.communicate(timeout=2)
except subprocess.TimeoutExpired:
proc.kill()
out, err = proc.communicate()
output = (out or "") + (err or "")
print("\n[+] Debug mode spawn check")
print(" Config: debug = False")
if "Debug mode: on" in output or "Debugger is active" in output:
print(" ✅ Debug mode is ON despite debug=False (vulnerable)")
else:
print(" ⚠️ Debug mode not detected in logs (check output below)")
if output.strip():
print("\n--- server output (truncated) ---")
print("\n".join(output.splitlines()[:15]))
print("--- end ---")
def run_remote_probe(target: str) -> None:
import requests
print("\n[+] Remote debug indicator probe (best-effort)")
print(f" Target: {target}")
# This app does not easily throw exceptions from user input, so
# absence of indicators does NOT prove debug is off.
probe_urls = [
f"{target.rstrip('/')}/__nonexistent__",
]
detected = False
for url in probe_urls:
try:
resp = requests.get(url, timeout=10)
if "Werkzeug Debugger" in resp.text or "Traceback" in resp.text:
detected = True
print(" ✅ Debug indicators found")
break
except Exception as e:
print(f" ⚠️ Probe failed: {e}")
if not detected:
print(" ⚠️ No debug indicators found (this is not definitive)")
def main():
parser = argparse.ArgumentParser(description='Unfurl debug mode PoC (corrected)')
parser.add_argument('--spawn', action='store_true', help='Run local spawn check (default)')
parser.add_argument('--target', help='Target Unfurl URL for remote probe')
args = parser.parse_args()
if args.target:
run_remote_probe(args.target)
else:
run_spawn_check()
if __name__ == '__main__':
main()
Impact
If the service is exposed beyond localhost (bound to 0.0.0.0 or reverse-proxied), an attacker can access the Werkzeug debugger. This can disclose sensitive information and may allow remote code execution if a debugger PIN is obtained. At minimum, stack traces and environment details are exposed on errors.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "dfir-unfurl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20250810"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-29T15:32:33Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Summary\nThe Unfurl web app enables Flask debug mode even when configuration sets `debug = False`. The config value is read as a string and passed directly to `app.run(debug=...)`, so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default.\n\n### Details\n- `unfurl/app.py:web_app()` reads `debug` via `config[\u0027UNFURL_APP\u0027].get(\u0027debug\u0027)`, which returns a string.\n- `UnfurlApp.__init__` passes that string directly to `app.run(debug=unfurl_debug, ...)`.\n- If `unfurl.ini` omits `debug`, the default argument is the string `\"True\"`.\n- As a result, debug mode is effectively always on and cannot be reliably disabled via config.\n\n### PoC\n1. Create a local `unfurl.ini` with `debug = False` under `[UNFURL_APP]`.\n2. Run the server using `unfurl_app` (or `python -c \u0027from unfurl.app import web_app; web_app()\u0027`).\n3. Observe server logs showing `Debug mode: on` / `Debugger is active!`.\n4. The included PoC script `security_poc/poc_debug_mode.py --spawn` automates this check.\n\n### PoC Script (inline)\n```python\n#!/usr/bin/env python3\n\"\"\"\nUnfurl Debug Mode PoC (Corrected)\n================================\n\nThis PoC demonstrates that Unfurl\u0027s Flask debug mode is effectively\n**always enabled by default** due to string parsing of the `debug`\nconfig value. Even `debug = False` in `unfurl.ini` evaluates truthy\nwhen passed to `app.run(debug=...)`.\n\nTwo modes:\n1) --spawn (default): launch a local Unfurl server with debug=False\n in a temp config and inspect logs for \"Debug mode: on\".\n2) --target: attempt a remote indicator check (best-effort; may be silent\n if no exception is triggered).\n\"\"\"\n\nimport argparse\nimport os\nimport subprocess\nimport sys\nimport tempfile\nimport textwrap\nimport time\n\n\ndef run_spawn_check() -\u003e None:\n repo_root = os.path.abspath(os.path.join(os.path.dirname(__file__), \u0027..\u0027))\n\n ini_contents = textwrap.dedent(\"\"\"\n [UNFURL_APP]\n host = 127.0.0.1\n port = 5055\n debug = False\n remote_lookups = false\n\n [API_KEYS]\n bitly =\n macaddress_io =\n \"\"\").strip() + \"\\n\"\n\n with tempfile.TemporaryDirectory() as tmp:\n ini_path = os.path.join(tmp, \u0027unfurl.ini\u0027)\n with open(ini_path, \u0027w\u0027) as f:\n f.write(ini_contents)\n\n env = os.environ.copy()\n env[\u0027PYTHONPATH\u0027] = repo_root\n\n cmd = [sys.executable, \u0027-c\u0027, \u0027from unfurl.app import web_app; web_app()\u0027]\n proc = subprocess.Popen(\n cmd,\n cwd=tmp,\n env=env,\n stdout=subprocess.PIPE,\n stderr=subprocess.PIPE,\n text=True\n )\n\n # Allow server to start and emit logs\n time.sleep(2)\n proc.terminate()\n try:\n out, err = proc.communicate(timeout=2)\n except subprocess.TimeoutExpired:\n proc.kill()\n out, err = proc.communicate()\n\n output = (out or \"\") + (err or \"\")\n\n print(\"\\n[+] Debug mode spawn check\")\n print(\" Config: debug = False\")\n\n if \"Debug mode: on\" in output or \"Debugger is active\" in output:\n print(\" \u2705 Debug mode is ON despite debug=False (vulnerable)\")\n else:\n print(\" \u26a0\ufe0f Debug mode not detected in logs (check output below)\")\n\n if output.strip():\n print(\"\\n--- server output (truncated) ---\")\n print(\"\\n\".join(output.splitlines()[:15]))\n print(\"--- end ---\")\n\n\ndef run_remote_probe(target: str) -\u003e None:\n import requests\n\n print(\"\\n[+] Remote debug indicator probe (best-effort)\")\n print(f\" Target: {target}\")\n\n # This app does not easily throw exceptions from user input, so\n # absence of indicators does NOT prove debug is off.\n probe_urls = [\n f\"{target.rstrip(\u0027/\u0027)}/__nonexistent__\",\n ]\n\n detected = False\n for url in probe_urls:\n try:\n resp = requests.get(url, timeout=10)\n if \"Werkzeug Debugger\" in resp.text or \"Traceback\" in resp.text:\n detected = True\n print(\" \u2705 Debug indicators found\")\n break\n except Exception as e:\n print(f\" \u26a0\ufe0f Probe failed: {e}\")\n\n if not detected:\n print(\" \u26a0\ufe0f No debug indicators found (this is not definitive)\")\n\n\ndef main():\n parser = argparse.ArgumentParser(description=\u0027Unfurl debug mode PoC (corrected)\u0027)\n parser.add_argument(\u0027--spawn\u0027, action=\u0027store_true\u0027, help=\u0027Run local spawn check (default)\u0027)\n parser.add_argument(\u0027--target\u0027, help=\u0027Target Unfurl URL for remote probe\u0027)\n args = parser.parse_args()\n\n if args.target:\n run_remote_probe(args.target)\n else:\n run_spawn_check()\n\n\nif __name__ == \u0027__main__\u0027:\n main()\n```\n\n### Impact\nIf the service is exposed beyond localhost (bound to 0.0.0.0 or reverse-proxied), an attacker can access the Werkzeug debugger. This can disclose sensitive information and may allow remote code execution if a debugger PIN is obtained. At minimum, stack traces and environment details are exposed on errors.",
"id": "GHSA-vg9h-jx4v-cwx2",
"modified": "2026-01-29T15:32:33Z",
"published": "2026-01-29T15:32:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-vg9h-jx4v-cwx2"
},
{
"type": "WEB",
"url": "https://github.com/obsidianforensics/unfurl/commit/4c0a07ab1e9af3a1ddf0e7f47153ec9ba77946dd"
},
{
"type": "PACKAGE",
"url": "https://github.com/obsidianforensics/unfurl"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Unfurl\u0027s debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)"
}
GHSA-VW8Q-RCFX-XF52
Vulnerability from github – Published: 2023-11-11 00:30 – Updated: 2023-11-16 18:30An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
{
"affected": [],
"aliases": [
"CVE-2023-4804"
],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-10T23:15:07Z",
"severity": "CRITICAL"
},
"details": "An\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.",
"id": "GHSA-vw8q-rcfx-xf52",
"modified": "2023-11-16T18:30:30Z",
"published": "2023-11-11T00:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4804"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W747-G6FP-45P6
Vulnerability from github – Published: 2023-02-02 06:30 – Updated: 2023-02-10 18:30Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section.
{
"affected": [],
"aliases": [
"CVE-2022-33323"
],
"database_specific": {
"cwe_ids": [
"CWE-489",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-02T06:15:00Z",
"severity": "HIGH"
},
"details": "Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric\u0027s advisory which is listed in [References] section.",
"id": "GHSA-w747-g6fp-45p6",
"modified": "2023-02-10T18:30:30Z",
"published": "2023-02-02T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33323"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU94588481/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-05"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-020_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WR7X-H4GM-XV5V
Vulnerability from github – Published: 2022-10-25 19:00 – Updated: 2022-10-26 12:00An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-29520"
],
"database_specific": {
"cwe_ids": [
"CWE-489",
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-25T17:15:00Z",
"severity": "CRITICAL"
},
"details": "An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability.",
"id": "GHSA-wr7x-h4gm-xv5v",
"modified": "2022-10-26T12:00:30Z",
"published": "2022-10-25T19:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29520"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1561"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXP5-9W64-PP68
Vulnerability from github – Published: 2023-08-24 06:30 – Updated: 2024-04-04 07:10A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.
{
"affected": [],
"aliases": [
"CVE-2023-4227"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-489",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-24T06:15:44Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.\n\n",
"id": "GHSA-wxp5-9w64-pp68",
"modified": "2024-04-04T07:10:20Z",
"published": "2023-08-24T06:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4227"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230310-iologik-4000-series-multiple-web-server-vulnerabilities-and-improper-access-control-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XG63-7J7M-696F
Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2024-06-25 15:31A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-21827"
],
"database_specific": {
"cwe_ids": [
"CWE-489"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T14:15:10Z",
"severity": "HIGH"
},
"details": "A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.",
"id": "GHSA-xg63-7j7m-696f",
"modified": "2024-06-25T15:31:08Z",
"published": "2024-06-25T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21827"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1947"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Remove debug code before deploying the application.
CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
CAPEC-661: Root/Jailbreak Detection Evasion via Debugging
An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.