On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
References
Link | Resource |
---|---|
https://ethical-hacker.org/en/seowonintech-remote-root/ | Exploit Third Party Advisory |
https://ethical-hacker.org/en/seowonintech-remote-root/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 02:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://ethical-hacker.org/en/seowonintech-remote-root/ - Exploit, Third Party Advisory |
Information
Published : 2019-06-11 21:29
Updated : 2024-11-21 02:44
NVD link : CVE-2016-10760
Mitre link : CVE-2016-10760
CVE.ORG link : CVE-2016-10760
JSON object : View
Products Affected
seowonintech
- swr-300bg_firmware
- swr-300b_firmware
- swr-300c
- swr-300a_firmware
- swr-300a
- swr-300bg
- swr-300b
- swr-300c_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')