CVE-2015-10145
Published 2025-12-31
Priority P183 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.63% (45.6th percentile)
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gargoyle-router | gargoyle | 1.5.0 – 1.5.11 | — |
| gargoyle | gargoyle_router_management_utility | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vulncheck | — | 8.7 | HIGH | — |
GHSA
GHSA-4973-8mgr-386v: Gargoyle router management utility versions 1
ghsa_unreviewed·2025-12-31
CVE-2015-10145 [HIGH] CWE-78 GHSA-4973-8mgr-386v: Gargoyle router management utility versions 1
VulnCheck
Gargoyle Authenticated 'run_commands.sh' OS Command Execution
vulncheck·2015·CVSS 8.7
CVE-2015-10145 [HIGH] Gargoyle Authenticated 'run_commands.sh' OS Command Execution
Affected: Gargoyle Gargoyle Router Management Utility
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: h
No detection rules found.
No public exploits indexed.
2025-12-31
Published
Exploited in the wild