漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API
Vulnerability Description
Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process user via four sequential unauthenticated HTTP requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Nathan Esquenazi Hermes WebUI 授权问题漏洞
Vulnerability Description
Nathan Esquenazi Hermes WebUI是Nathan Esquenazi个人开发者的Web服务器。 Nathan Esquenazi Hermes WebUI 0.51.788之前版本存在授权问题漏洞,该漏洞源于未授权访问终端API端点,可能导致远程攻击者执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A