CVE-2015-6024

CRITICAL

NetCommWireless HSPA 3G10WVE - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6024. PoCs published by Bhadresh Patel.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and command injection vulnerability in NetCommWireless HSPA 3G10WVE Wireless Router. The PoC URL shows how an attacker can bypass authentication and execute arbitrary commands via the DIA_IPADDRESS parameter in ping.cgi.

Description

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.

Exploits (1)

exploitdb WORKING POC
by Bhadresh Patel · textwebappscgi
https://www.exploit-db.com/exploits/39762

This exploit demonstrates an authentication bypass and command injection vulnerability in NetCommWireless HSPA 3G10WVE Wireless Router. The PoC URL shows how an attacker can bypass authentication and execute arbitrary commands via the DIA_IPADDRESS parameter in ping.cgi.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: NetCommWireless HSPA 3G10WVE Wireless Router (3G10WVE-L101-S306ETS-C01_R03)
No auth needed
Prerequisites: Network access to the vulnerable router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39762/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/18
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538297/100/0/threaded
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/13
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538263/100/0/threaded

Scores

CVSS v3 9.8
EPSS 0.4929
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (1)
netcommwireless/hspa_3g10wve_firmware 3g10wve-l101-s306ets-c01_r03
Published Feb 09, 2017
Tracked Since Feb 18, 2026