CVE-2015-10145— Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2015-10145
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gargoyle Router Management Utility 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gargoyle Router Management Utility是Gargoyle公司的一个第三方路由器固件。 Gargoyle Router Management Utility 1.5.x版本存在安全漏洞,该漏洞源于对commands参数输入限制或验证不足,可能导致经过身份验证的攻击者执行任意操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Gargoyle | Gargoyle Router Management Utility | 1.5.0 | - |
II. Public POCs for CVE-2015-10145
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2015-10145
Please Login to view more intelligence information
- https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/technical-description
- https://nvd.nist.gov/vuln/detail/CVE-2015-10145
IV. Related Vulnerabilities
Same weakness: CWE-78
- CVE-2026-8192
Wavlink NU516U1 adm.cgi wzdap os command injection - CVE-2026-8191
Wavlink NU516U1 adm.cgi wifi_region os command injection - CVE-2026-8190
Wavlink NU516U1 adm.cgi wan os command injection - CVE-2026-8189
Wavlink NU516U1 adm.cgi wzdrepeater os command injection - CVE-2026-8188
Wavlink NU516U1 adm.cgi change_wifi_password os command inje
V. Comments for CVE-2015-10145
No comments yet