CVE-2015-10145

Vulnerability Description

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Vulnerability Details

Published Date

December 31, 2025

Last Modified

January 02, 2026

CWE ID

CWE-78

Source

NVD

External References

https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/
https://packetstorm.news/files/id/132149
https://www.gargoyle-router.com/
https://www.vulncheck.com/advisories/gargoyle-authenticated-os-command-execution-via-run-commands-sh
https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/

CVE-2015-10145

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment