Name: IPFire Firewall Vendor: IPFire Vulnerability: Command Injection Affected Versions: Versions before 2.21 – Core Update 124 CVE ID: CVE-2018-16232 IPFire is an open source firewall. I discovered an authenticated command injection in their firewall. The vulnerabilities reside in the backup.cgi file. I have IPFire running at https://10.10.10.25:444 in Virtual Box. This is a partial view of the … Continue reading Command Injection on IPFire Firewalls