CVE-2020-24365

HIGH

Gemtek WRTM-127ACN/WRTM-127x9 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-24365. PoCs published by Gabriele Zuddas.

AI-analyzed exploit summary This exploit leverages an authenticated command injection vulnerability in Gemtek WVRTM-127ACN routers by injecting arbitrary commands into the `mon_diag_addr` parameter. It supports both direct command execution and file downloads to the target's `/tmp` directory.

Description

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)

Exploits (1)

exploitdb WORKING POC
by Gabriele Zuddas · pythonwebappscgi
https://www.exploit-db.com/exploits/49079

This exploit leverages an authenticated command injection vulnerability in Gemtek WVRTM-127ACN routers by injecting arbitrary commands into the `mon_diag_addr` parameter. It supports both direct command execution and file downloads to the target's `/tmp` directory.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Gemtek WVRTM-127ACN (Firmware 01.01.02.127, 01.01.02.141)
Auth required
Prerequisites: Valid credentials for the target device · Network access to the device's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/QTev1TjM

Scores

CVSS v3 8.8
EPSS 0.1128
EPSS Percentile 95.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78 CWE-1188
Status published
Products (2)
gemteks/wrtm-127acn_firmware 01.01.02.141
gemteks/wrtm-127x9_firmware 01.01.02.127
Published Sep 24, 2020
Tracked Since Feb 18, 2026