CVE-2015-10145 HIGH

CVE-2015-10145: Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh

Vendor Gargoyle
Product Gargoyle Router Management Utility
Weakness CWE-78
Published December 31, 2025
Last update March 23, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Key dates

02Disclosure timeline

December 31, 2025 CVE published
March 23, 2026 Record updated