CVE-2023-37057
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authent
CVSS
9.8
Critical
EPSS
0.9%
p56
KEV
—
Exploit Today
17
0-100
Published: Jun 17, 2024 · Last modified: Jul 9, 2026 · CWE-288
0.9%EPSS · 30 days0.9%
2026-06-302026-07-16
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism.
- www.unionman.com.cnhttp://www.unionman.com.cn/en/contact.html
- github.comhttps://github.com/ri5c/Jlink-Router-RCE
- jlink-global.comhttps://jlink-global.com/
- www.unionman.com.cnhttp://www.unionman.com.cn/en/contact.html
- github.comhttps://github.com/ri5c/Jlink-Router-RCE
- jlink-global.comhttps://jlink-global.com/
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-555919.8 CRI99.9%
KEV—80Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2025-244728.1 HIG86.2%
KEV—76Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability8dCVE-2026-445757.5 HIG71.8%
——22Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment prefetching. In affected configurations, specially crafted .rsc and segment-prefetch URLs can resolve to the same page without being matched by the intended middleware rule, which can allow protected content to be reached without the expected authorization check. This vulnerability is fixed in 15.5.16 and 16.2.5.11hCVE-2026-400228.2 HIG45.8%
——14When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and JWTAuthenticationConfigurer classes derive the authentication path from properties.getPath() when camel.server.authenticationPath / camel.management.authenticationPath is not explicitly set. Combined with the Vert.x sub-router mounting model - the sub-router is mounted at _path_* and the authentication handler is registered inside the sub-router at the resolved path - this causes the authentication handler to match only the exact configured context path, not its subpaths. Unauthenticated requests to subpaths such as /api/_route_ or /admin/observe/info therefore reach protected business routes and management endpoints without being challenged for credentials. The /observe/info endpoint can disclose runtime metadata such as the user, working directory, home directory, process ID, JVM and operating system information.
This issue affects Apache Camel: from 4.14.1 before 4.14.6, from 4.18.0 before 4.18.2.
Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, they are suggested to upgrade to 4.14.6. If users are on the 4.18.x LTS releases stream, they are suggested to upgrade to 4.18.2.2dCVE-2026-4802010.0 CRI44.3%
——13Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing .. or its percent-encoded form %2e%2e can match the public route at routing time and then, after the prefix is stripped and the path is normalized, resolve to a path served by a separate, authenticated router. As a result, an attacker can reach protected backend paths — such as admin or internal configuration endpoints — without satisfying the authentication middleware attached to the protected router. This vulnerability is fixed in 2.11.48, 3.6.19, and 3.7.3.2dCVE-2026-27759.8 CRI42.4%
——13Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.2d