exploitdb
WORKING POC
by Bryan Leong · pythonremotehardware
https://www.exploit-db.com/exploits/50948
This exploit demonstrates an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 via the `admin.cgi` endpoint. It allows unauthenticated remote command execution by injecting commands into the `Cmd` parameter and parsing the XML response.
Classification
Working Poc 95%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device · Target device running vulnerable firmware
exploitdb
WORKING POC
by Ahmed Alroky · textremotehardware
https://www.exploit-db.com/exploits/50936
This exploit demonstrates an OS command injection vulnerability in SDT-CW3B1 1.1.0 via a crafted HTTP GET request to the admin.cgi endpoint. The 'Cmd' parameter is used to execute arbitrary system commands without authentication.
Classification
Working Poc 90%
Target:
SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device · Target device running vulnerable firmware
nomisec
WORKING POC
3 stars
by Awei507 · remote
https://github.com/Awei507/CVE-RCE
The repository contains two PoC scripts for different CVEs. The first script (CVE-2021-46422.py) targets a command injection vulnerability in a CGI endpoint, while the second (CVE-2022-26134.py) exploits an OGNL injection in Atlassian Confluence for RCE. Both scripts are functional and use the pocsuite3 framework.
Classification
Working Poc 90%
Target:
CVE-2021-46422: Unknown CGI-based system; CVE-2022-26134: Atlassian Confluence < 7.18.1
No auth needed
Prerequisites:
Network access to the target system · Vulnerable version of the target software
nomisec
WORKING POC
2 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2021-46422
This repository contains a functional exploit for CVE-2021-46422, an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0. The exploit sends crafted requests to the admin.cgi endpoint to execute arbitrary commands and includes an interactive shell for post-exploitation.
Classification
Working Poc 95%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device · The admin.cgi endpoint must be accessible
nomisec
WORKING POC
2 stars
by yyqxi · remote
https://github.com/yyqxi/CVE-2021-46422
This PoC exploits a remote code execution vulnerability in LYQ backend management by sending a crafted HTTP request to execute arbitrary commands via the 'sysCommand' parameter. The script checks for the presence of the vulnerability by verifying the response contains '<CmdResult>'.
Classification
Working Poc 90%
Target:
LYQ backend management (all versions)
No auth needed
Prerequisites:
Network access to the target system · Target system running vulnerable LYQ backend management
nomisec
WORKING POC
1 stars
by kailing0220 · remote
https://github.com/kailing0220/CVE-2021-46422
This PoC exploits CVE-2021-46422, an OGNL injection vulnerability in Confluence Server and Data Center, allowing unauthenticated remote code execution. The script checks for the vulnerability by sending a crafted request to the target URL and verifying the response.
Classification
Working Poc 90%
Target:
Confluence Server and Data Center
No auth needed
Prerequisites:
Network access to the target Confluence instance
nomisec
WORKING POC
1 stars
by xanszZZ · remote
https://github.com/xanszZZ/SDT_CW3B1_rce
This PoC exploits CVE-2021-46422, a command injection vulnerability in Telesquare SDT-CW3B1 routers. It sends a crafted HTTP request to execute the 'id' command via the 'sysCommand' parameter without authentication.
Classification
Working Poc 95%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device
nomisec
WORKING POC
1 stars
by polerstar · remote
https://github.com/polerstar/CVE-2021-46422-poc
This PoC exploits an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 by sending a crafted HTTP request to execute arbitrary commands. The script checks for vulnerability by injecting the 'id' command and verifying the response.
Classification
Working Poc 90%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device
nomisec
WORKING POC
1 stars
by latings · remote
https://github.com/latings/CVE-2021-46422
This PoC exploits an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 by sending a crafted HTTP request to execute arbitrary commands. The script checks for vulnerability by injecting the 'id' command and verifying the response.
Classification
Working Poc 90%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device · Target device running Telesquare SDT-CW3B1 1.1.0
nomisec
WORKING POC
1 stars
by nobodyatall648 · remote
https://github.com/nobodyatall648/CVE-2021-46422
This Python script exploits an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 via an unauthenticated CGI endpoint. It allows remote command execution by injecting commands into the 'Cmd' parameter and parsing XML responses.
Classification
Working Poc 95%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device · CGI endpoint exposed at /cgi-bin/admin.cgi
nomisec
WORKING POC
by tucommenceapousser · remote
https://github.com/tucommenceapousser/CVE-2021-46422
This repository contains a functional exploit for CVE-2021-46422, an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0. The exploit leverages a vulnerable CGI endpoint to execute arbitrary commands and includes both single-target and mass-exploitation capabilities.
Classification
Working Poc 95%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the vulnerable device · CGI endpoint exposed at /cgi-bin/admin.cgi
nomisec
WORKING POC
by kelemaoya · remote
https://github.com/kelemaoya/CVE-2021-46422
This PoC exploits a command injection vulnerability in the LYQ router's admin interface via the `/cgi-bin/admin.cgi` endpoint, allowing unauthenticated remote code execution. The script uses the `pocsuite3` framework to verify and exploit the vulnerability by sending a crafted HTTP request with the `Command=sysCommand&Cmd=id` payload.
Classification
Working Poc 90%
Target:
LYQ Router (all versions)
No auth needed
Prerequisites:
Network access to the target router's admin interface
nomisec
WORKING POC
by CJ-0107 · remote
https://github.com/CJ-0107/cve-2021-46422
This PoC leverages the pocsuite3 framework to exploit a remote code execution vulnerability in LYQ's backend management system. It sends a crafted HTTP request to execute the 'id' command and checks for a specific response pattern to confirm vulnerability.
Classification
Working Poc 90%
Target:
LYQ backend management system (all versions)
No auth needed
Prerequisites:
Network access to the target system · pocsuite3 framework installed
nomisec
WORKING POC
by ZAxyr · remote
https://github.com/ZAxyr/CVE-2021-46422
This PoC exploits an OS command injection vulnerability in SDT-CW3B1 routers via an unauthenticated endpoint. It sends a crafted request to execute arbitrary commands and checks for the presence of 'CmdResult' in the response to confirm exploitation.
Classification
Working Poc 90%
Target:
SDT-CW3B1 wireless router (all versions)
No auth needed
Prerequisites:
Network access to the target router's web interface
nomisec
WORKING POC
by yigexioabai · remote
https://github.com/yigexioabai/CVE-2021-46422_RCE
This PoC exploits CVE-2021-46422, a command injection vulnerability in Korean wireless routers, by sending a crafted request to execute arbitrary commands via the 'sysCommand' parameter. The script uses the pocsuite3 framework to verify and exploit the vulnerability.
Classification
Working Poc 90%
Target:
SDT-CW3B1 wireless router (all versions)
No auth needed
Prerequisites:
Network access to the target device · Target device must be running vulnerable firmware
nomisec
WORKING POC
by twoning · remote
https://github.com/twoning/CVE-2021-46422_PoC
This PoC demonstrates an unauthenticated command injection vulnerability in Telesquare SDT-CW3B1 1.1.0, allowing remote command execution via a crafted HTTP request to the admin.cgi endpoint. The exploit uses the pocsuite3 framework to verify and exploit the vulnerability.
Classification
Working Poc 90%
Target:
Telesquare SDT-CW3B1 1.1.0
No auth needed
Prerequisites:
Network access to the target device · Target device running vulnerable firmware