Scorpion-Security-Labs

CVE-2020-12124 NOMISEC CRITICAL WORKING POC

WAVLINK WN530H4 M30H4.V5030.190403 - Unauthenticated Remote Command Execution via live_api.cgi Endpoint

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

CVSS 9.8

View Code

CVE-2018-5767 NOMISEC CRITICAL WORKING POC

Tenda AC15 <V15.03.1.16_multi - RCE

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.

CVSS 9.8

View Code