CVE-2015-10145

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gargoyle-router:gargoyle:*:*:*:*:*:*:*:*

History

17 Jun 2026, 00:21

Type Values Removed Values Added
Summary
  • (es) Las versiones 1.5.x de la utilidad de gestión de router Gargoyle contienen una vulnerabilidad de ejecución de comandos del sistema operativo autenticada en /utility/run_commands.sh. La aplicación no restringe o valida adecuadamente la entrada suministrada a través del parámetro 'commands', permitiendo a un atacante autenticado ejecutar comandos de shell arbitrarios en el sistema subyacente. La explotación exitosa puede resultar en el compromiso total del dispositivo, incluyendo acceso no autorizado a archivos del sistema y la ejecución de comandos controlados por el atacante.

29 Jan 2026, 16:53

Type Values Removed Values Added
References () https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/ - () https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/ - Exploit, Third Party Advisory
References () https://packetstorm.news/files/id/132149 - () https://packetstorm.news/files/id/132149 - Exploit
References () https://www.gargoyle-router.com/ - () https://www.gargoyle-router.com/ - Product
References () https://www.vulncheck.com/advisories/gargoyle-authenticated-os-command-execution-via-run-commands-sh - () https://www.vulncheck.com/advisories/gargoyle-authenticated-os-command-execution-via-run-commands-sh - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Gargoyle-router
Gargoyle-router gargoyle
CPE cpe:2.3:a:gargoyle-router:gargoyle:*:*:*:*:*:*:*:*

02 Jan 2026, 15:15

Type Values Removed Values Added
References () https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/ - () https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/ -

31 Dec 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-12-31 21:15

Updated : 2026-06-17 00:21


NVD link : CVE-2015-10145

Mitre link : CVE-2015-10145

CVE.ORG link : CVE-2015-10145


JSON object : View

Products Affected

gargoyle-router

  • gargoyle
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')