CVE-2015-6023

HIGH

NetCommWireless HSPA 3G10WVE - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6023. PoCs published by Bhadresh Patel.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and command injection vulnerability in NetCommWireless HSPA 3G10WVE Wireless Router. The PoC URL shows how an attacker can bypass authentication and execute arbitrary commands via the DIA_IPADDRESS parameter in ping.cgi.

Description

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.

Exploits (1)

exploitdb WORKING POC
by Bhadresh Patel · textwebappscgi
https://www.exploit-db.com/exploits/39762

This exploit demonstrates an authentication bypass and command injection vulnerability in NetCommWireless HSPA 3G10WVE Wireless Router. The PoC URL shows how an attacker can bypass authentication and execute arbitrary commands via the DIA_IPADDRESS parameter in ping.cgi.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NetCommWireless HSPA 3G10WVE Wireless Router (3G10WVE-L101-S306ETS-C01_R03)
No auth needed
Prerequisites: Network access to the vulnerable router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39762/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/18
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538297/100/0/threaded
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/13
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538263/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96383

Scores

CVSS v3 7.3
EPSS 0.1098
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-284
Status published
Products (1)
netcommwireless/hspa_3g10wve_firmware 3g10wve-l101-s306ets-c01_r03
Published Feb 09, 2017
Tracked Since Feb 18, 2026