A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HXorux Lpar2rrd
APPXorux< 7.30Xorux Stor2rrd
APPXorux< 7.30
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
Related vulnerabilities
CVE-2021-42371CRITICAL9.8ten sam produkt
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
CVE-2020-24032CRITICAL9.8ten sam produkt
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell ...
CVE-2014-4981CRITICAL9.8ten sam produkt
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sa...
CVE-2014-4982CRITICAL9.8ten sam produkt
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
CVE-2025-54769HIGH8.8ten sam produkt
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file...