Dismissed
Permalink
CVE-2026-2686
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
2 packages
- tests.fetchFirefoxAddon.simple
- tests.fetchFirefoxAddon.overridden-source
- @LeSuisse dismissed
SECCN Dingcheng G10 session_login.cgi qq os command injection
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. The manipulation of the argument User leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
References
- VDB-346488 | SECCN Dingcheng G10 session_login.cgi qq os command injection vdb-entry technical-description
- VDB-346488 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
- Submit #754200 | SECCN SECCN G10 VPN V3.1.0.181203 Unauthorized RCE third-party-advisory
- https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md related
- https://github.com/cha0yang1/SECCN/blob/main/UnauthorizedRCE.md#2-vulnerability… exploit
Affected products
G10
- ==3.1.0.181203
Ignored packages (2)
pkgs.tests.fetchFirefoxAddon.simple
None
-
nixos-unstable yvakg10w6mqw
- nixpkgs-unstable yvakg10w6mqw
- nixos-unstable-small yvakg10w6mqw
-
nixos-unstable yvakg10w6mqw
- nixpkgs-unstable yvakg10w6mqw
- nixos-unstable-small yvakg10w6mqw