CRITICAL
Mrf
CVE published 2017-01-31
CVE-2016-10043
CVE-2016-10043 is a critical OS command injection flaw in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi can be abused with the pipe character to inject OS commands and return command output in application responses, enabling unauthorized command execution under the application's account.