CVE-2013-7179

Seowon Intech SWC-9100 - OS Command Injection via ping_ipaddr Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7179. PoCs published by Josue Rojas.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in the WiMAX SWC-9100 Mobile Router's diagnostic.cgi endpoint. The PoC uses curl to send a crafted POST request with a malicious ping_ipaddr parameter to execute arbitrary commands (e.g., 'ls -lash /etc').

Description

The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Josue Rojas · textremotecgi
https://www.exploit-db.com/exploits/39074

This exploit leverages a command injection vulnerability in the WiMAX SWC-9100 Mobile Router's diagnostic.cgi endpoint. The PoC uses curl to send a crafted POST request with a malicious ping_ipaddr parameter to execute arbitrary commands (e.g., 'ls -lash /etc').

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WiMAX SWC-9100 Mobile Router
No auth needed
Prerequisites: Network access to the target device · Diagnostic.cgi endpoint exposed
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56756
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/431726

Scores

EPSS 0.0411
EPSS Percentile 89.5%

Details

CWE
CWE-20
Status published
Products (1)
seowonintech/swc-9100
Published Feb 04, 2014
Tracked Since Feb 18, 2026