CVE-2015-2280

HIGH EXPLOITED

AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Firmware - Authenticated OS Command Injection via mac Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-2280 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Core Security.

AI-analyzed exploit summary The advisory describes an OS command injection vulnerability in the AirLink101 SkyIPCam1620W camera's snwrite.cgi binary, exploitable via the 'mac' parameter. It includes details on the vulnerability, affected firmware, and a proof-of-concept example using a backdoor account.

Description

snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Core Security · textwebappshardware
https://www.exploit-db.com/exploits/37527

The advisory describes an OS command injection vulnerability in the AirLink101 SkyIPCam1620W camera's snwrite.cgi binary, exploitable via the 'mac' parameter. It includes details on the vulnerability, affected firmware, and a proof-of-concept example using a backdoor account.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP Network Camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck
Auth required
Prerequisites: Network access to the vulnerable device · Valid credentials or use of the backdoor account 'productmaker:ftvsbannedcode'
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Mailing List, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jul/40
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75597
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535963/100/0/threaded
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37527/

Scores

CVSS v3 8.8
EPSS 0.1699
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-19
CWE
CWE-78
Status published
Products (1)
airlink101/skyipcam1620w_wireless_n_mpeg4_3gpp_firmware 1.1.0-12_20120709
Published Jul 25, 2017
Tracked Since Feb 18, 2026