CVE-2016-10760

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
References
Link Resource
https://ethical-hacker.org/en/seowonintech-remote-root/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:seowonintech:swr-300a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:seowonintech:swr-300a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:seowonintech:swr-300b_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:seowonintech:swr-300b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:seowonintech:swr-300c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:seowonintech:swr-300c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:seowonintech:swr-300bg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:seowonintech:swr-300bg:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-11 21:29

Updated : 2024-02-28 17:08


NVD link : CVE-2016-10760

Mitre link : CVE-2016-10760

CVE.ORG link : CVE-2016-10760


JSON object : View

Products Affected

seowonintech

  • swr-300a_firmware
  • swr-300bg_firmware
  • swr-300bg
  • swr-300c_firmware
  • swr-300c
  • swr-300a
  • swr-300b
  • swr-300b_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')