The Cyberoam UTM exposes a web interface through a Jetty web server. This interface allows authenticated users to perform network diagnostic actions such as ping, traceroute, and name lookup, and these actions are vulnerable to command injection attacks.
92897f1cf9518081c64d69c90f0a44f27f29abc0b185a063b5f3c8018e7b90d7
Cyberoam UTM suffers from a remote Active Directory credential disclosure vulnerability.
813ca26d3a9dd5c758c39a37fd5615eb83c64e15267be72ac41521e54e776709