CVE-2015-10145

HIGH EXPLOITED

Gargoyle router management utility <1.5.x - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-10145 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0063
EPSS Percentile 45.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

VulnCheck KEV 2025-12-31
CWE
CWE-78
Status published
Products (2)
Gargoyle/Gargoyle Router Management Utility 1.5.0
gargoyle-router/gargoyle 1.5.0 - 1.5.11
Published Dec 31, 2025
Tracked Since Feb 18, 2026