0xNslabs

3 exploits, active since Aug 2022
CVE-2022-36267 NOMISEC CRITICAL WORKING POC
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under, there exists an unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication by crafting a malicious HTTP request that injects code in one of the parameters, allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi, which accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
10 stars
CVSS 9.8
CVE-2022-36553 NOMISEC CRITICAL WORKING POC
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
6 stars
CVSS 9.8
CVE-2024-25832 NOMISEC HIGH WORKING POC
F-logic DataCube3 - Unrestricted File Upload
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.
4 stars
CVSS 8.8