CVE-2015-10145
Published: 31 December 2025
Summary
CVE-2015-10145 is a high-severity OS Command Injection (CWE-78) vulnerability in Gargoyle-Router Gargoyle. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 45.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).
Deeper analysis
CVE-2015-10145 is an authenticated OS command execution vulnerability affecting Gargoyle router management utility versions 1.5.x. The issue resides in the /utility/run_commands.sh component, where the application fails to properly restrict or validate input supplied via the 'commands' parameter. This allows an authenticated attacker to execute arbitrary shell commands on the underlying system. The vulnerability is classified under CWE-78 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low-privilege authenticated access (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables arbitrary shell command execution, which may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.
Advisories from sources like VulnCheck detail the authenticated OS command execution via run_commands.sh, while PacketStorm provides related exploit information. Blogs from Xlab discuss the vulnerability in the context of the large-scale Airashi botnet.
This vulnerability has seen real-world exploitation, notably as part of the Airashi botnet campaign referenced in security blogs.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206059
Vulnerability details
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows authenticated remote exploitation of a public-facing router management web application (T1190) to achieve arbitrary OS command execution via Unix shell (T1059.004).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly mandates validation of the 'commands' parameter in run_commands.sh to block arbitrary OS command injection.
Restricts the types, sources, and amounts of command inputs accepted by the vulnerable utility, preventing malicious shell commands.
Enforces least privilege on authenticated users and processes handling the commands parameter, limiting the scope of command execution and potential compromise.