QwikSec

Security Database

CVE

CWE

Training

CVE-2015-10145

Published: Dec 31, 2025

Modified: Mar 23, 2026

PUBLISHED

Description

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Vendor	Product	Versions
Gargoyle	Gargoyle Router Management Utility	affected `1.5.0`

Weaknesses (CWE)

References

https://packetstorm.news/files/id/132149

exploit

https://www.gargoyle-router.com/

product

https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/

technical-description

https://www.vulncheck.com/advisories/gargoyle-authenticated-os-command-execution-via-run-commands-sh

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.