CVE-2022-50909

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

CVE-2022-50909

Affected software/component: Algo 8028 Control Panel v3.3.3, fm-data.lua endpoint. Vulnerability: command injection via insecure, authenticated-accessible source parameter, enabling arbitrary command execution with root privileges. A crafted POST request can trigger remote code execution. Impact ...

CVE-2022-50909 Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

CVE-2022-50909 Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges,...

PT-2026-2385

Name of the Vulnerable Software and Affected Versions Algo 8028 Control Panel version 3.3.3 Description Algo 8028 Control Panel version 3.3.3 has a command injection issue in the fm-data.lua endpoint. Authenticated attackers can execute arbitrary commands by exploiting the insecure source...

CVE-2022-31395

Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua...