CVE-2026-23759

Published 17/03/2026 16:16 · Modified 18/03/2026 14:52

Labels: CVE-2026-23759, 2026-03-17, CWE-78, [email protected]

Essential information

Published: 17/03/2026 16:16
Modified: 18/03/2026 14:52
CVSS: 8.6 HIGH (v3), 8.6 HIGH (v4.0)
CISA KEV: No
CWE: CWE-78

Description

Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.
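
The defensive counterpart of the flaw described above, as an added example that is not Perle's firmware code: a restricted-shell 'ps' handler that checks each user token against an allowlist and executes the binary directly instead of through 'sh -c'. The function names, the option allowlist and the /bin/ps path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical allowlist: the only ps options this restricted shell exposes. */
static const char *const PS_ALLOWED[] = { "-e", "-f", "-l", "-A", NULL };

/* Return 1 if arg is exactly one allowlisted option, else 0. */
static int ps_arg_allowed(const char *arg) {
    for (size_t i = 0; PS_ALLOWED[i] != NULL; i++)
        if (strcmp(arg, PS_ALLOWED[i]) == 0)
            return 1;
    return 0;
}

/* Build argv for ps from user tokens. Returns the argument count including
 * "ps", or -1 if a token is rejected or out (max_out slots) is too small. */
int build_ps_argv(const char *const *user, int n, const char **out, int max_out) {
    if (n < 0 || n + 2 > max_out) return -1;
    out[0] = "ps";
    for (int i = 0; i < n; i++) {
        if (user[i] == NULL || !ps_arg_allowed(user[i])) return -1;
        out[i + 1] = user[i];
    }
    out[n + 1] = NULL;
    return n + 1;
}

/* Run ps with no shell in between (a real shell would fork before execv). */
int run_ps(const char *const *user, int n) {
    const char *argv[8];
    if (build_ps_argv(user, n, argv, 8) < 0) {
        fprintf(stderr, "ps: invalid argument\n");
        return -1;
    }
    execv("/bin/ps", (char *const *)argv); /* path is an assumption */
    return -1; /* only reached if execv failed */
}

int main(void) {
    const char *bad[] = { "-e;id" };      /* constructed input with a metacharacter */
    const char *good[] = { "-e", "-f" };  /* constructed valid input */
    if (run_ps(bad, 1) != -1) return 1;   /* must be rejected before any exec */
    return run_ps(good, 2) < 0;
}
```

Because the tokens reach execv as separate argv entries, a rejected or unexpected character is never interpreted by a shell; the allowlist additionally keeps ps itself from receiving options the restricted shell was not meant to expose.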

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: perle / iolan
CPE: cpe:2.3:a:perle:iolan:*:<6.0:*:*:*:*:*:*

References