CVE-2021-30461

CRITICAL EXPLOITED NUCLEI

VoIPmonitor < 24.61 - Unauthenticated Remote Code Execution via SPOOLDIR Injection

Title source: llm

Exploitation Summary

CVE-2021-30461 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Al1ex, Vulnmachines, daedalus. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-30461, an unauthenticated remote code execution vulnerability in VoIPmonitor. The exploit leverages improper input validation in the SPOOLDIR parameter to execute arbitrary commands and upload a PHP web shell.

Description

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

Exploits (4)

nomisec WORKING POC 12 stars

by Al1ex · remote

https://github.com/Al1ex/CVE-2021-30461

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-30461, an unauthenticated remote code execution vulnerability in VoIPmonitor. The exploit leverages improper input validation in the SPOOLDIR parameter to execute arbitrary commands and upload a PHP web shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VoIPmonitor < 24.60

No auth needed

Prerequisites: Network access to the target VoIPmonitor instance · Python 3 with requests library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by Vulnmachines · remote

https://github.com/Vulnmachines/CVE-2021-30461

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-30461, an unauthenticated remote code execution vulnerability in VoIP Monitor. The exploit leverages command injection via the SPOOLDIR parameter to execute arbitrary commands and upload a PHP web shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VoIP Monitor (all versions)

No auth needed

Prerequisites: Network access to the target VoIP Monitor instance · Python 3 with requests library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by daedalus · remote

https://github.com/daedalus/CVE-2021-30461

View Code ZIP pw:eip

This Python script exploits CVE-2021-30461, an unauthenticated remote code execution vulnerability in VoIPmonitor. It crafts a malicious HTTP POST request with a payload that injects a system command via the SPOOLDIR parameter, demonstrating RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VoIPmonitor (version not specified)

No auth needed

Prerequisites: Network access to the target VoIPmonitor instance · Target must be running a vulnerable version of VoIPmonitor

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by puckiestyle · remote

https://github.com/puckiestyle/CVE-2021-30461

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2021-30461, an unauthenticated remote code execution vulnerability in VoIPmonitor. The exploit leverages command injection via the SPOOLDIR parameter to upload a PHP shell and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VoIPmonitor < 24.60

No auth needed

Prerequisites: Network access to the target VoIPmonitor instance · Python 3 with the requests library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

VoipMonitor <24.61 - Remote Code Execution

CRITICALby shifacyclewala,hackergautam

Shodan: http.title:"VoIPmonitor" || http.title:"voipmonitor"

FOFA: title="voipmonitor"

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://ssd-disclosure.com/ssd-advisory--voipmonitor-unauth-rce

Scores

CVSS v3 9.8

EPSS 0.3663

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-06

CWE

CWE-94

Status published

Products (1)

voipmonitor/voipmonitor < 24.61

Published May 29, 2021

Tracked Since Feb 18, 2026