CVE-2021-46422
CRITICAL | EXPLOITED IN THE WILD | NUCLEI
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Exploitation Summary
CVE-2021-46422 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 16 public exploits from researchers including Bryan Leong, Ahmed Alroky, Awei507. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit demonstrates an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 via the `admin.cgi` endpoint. It allows unauthenticated remote command execution by injecting commands into the `Cmd` parameter and parsing the XML response.
Description
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
Exploits (16)
This exploit demonstrates an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 via the `admin.cgi` endpoint. It allows unauthenticated remote command execution by injecting commands into the `Cmd` parameter and parsing the XML response.
This exploit demonstrates an OS command injection vulnerability in SDT-CW3B1 1.1.0 via a crafted HTTP GET request to the admin.cgi endpoint. The 'Cmd' parameter is used to execute arbitrary system commands without authentication.
The repository contains two PoC scripts for different CVEs. The first script (CVE-2021-46422.py) targets a command injection vulnerability in a CGI endpoint, while the second (CVE-2022-26134.py) exploits an OGNL injection in Atlassian Confluence for RCE. Both scripts are functional and use the pocsuite3 framework.
This repository contains a functional exploit for CVE-2021-46422, an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0. The exploit sends crafted requests to the admin.cgi endpoint to execute arbitrary commands and includes an interactive shell for post-exploitation.
This PoC exploits a remote code execution vulnerability in LYQ backend management by sending a crafted HTTP request to execute arbitrary commands via the 'sysCommand' parameter. The script checks for the presence of the vulnerability by verifying the response contains '<CmdResult>'.
This PoC exploits CVE-2021-46422, an OGNL injection vulnerability in Confluence Server and Data Center, allowing unauthenticated remote code execution. The script checks for the vulnerability by sending a crafted request to the target URL and verifying the response.
This PoC exploits CVE-2021-46422, a command injection vulnerability in Telesquare SDT-CW3B1 routers. It sends a crafted HTTP request to execute the 'id' command via the 'sysCommand' parameter without authentication.
This PoC exploits an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 by sending a crafted HTTP request to execute arbitrary commands. The script checks for vulnerability by injecting the 'id' command and verifying the response.
This PoC exploits an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 by sending a crafted HTTP request to execute arbitrary commands. The script checks for vulnerability by injecting the 'id' command and verifying the response.
This Python script exploits an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0 via an unauthenticated CGI endpoint. It allows remote command execution by injecting commands into the 'Cmd' parameter and parsing XML responses.
This repository contains a functional exploit for CVE-2021-46422, an OS command injection vulnerability in Telesquare SDT-CW3B1 1.1.0. The exploit leverages a vulnerable CGI endpoint to execute arbitrary commands and includes both single-target and mass-exploitation capabilities.
This PoC exploits a command injection vulnerability in the LYQ router's admin interface via the `/cgi-bin/admin.cgi` endpoint, allowing unauthenticated remote code execution. The script uses the `pocsuite3` framework to verify and exploit the vulnerability by sending a crafted HTTP request with the `Command=sysCommand&Cmd=id` payload.
This PoC leverages the pocsuite3 framework to exploit a remote code execution vulnerability in LYQ's backend management system. It sends a crafted HTTP request to execute the 'id' command and checks for a specific response pattern to confirm vulnerability.
This PoC exploits an OS command injection vulnerability in SDT-CW3B1 routers via an unauthenticated endpoint. It sends a crafted request to execute arbitrary commands and checks for the presence of 'CmdResult' in the response to confirm exploitation.
This PoC exploits CVE-2021-46422, a command injection vulnerability in Korean wireless routers, by sending a crafted request to execute arbitrary commands via the 'sysCommand' parameter. The script uses the pocsuite3 framework to verify and exploit the vulnerability.
This PoC demonstrates an unauthenticated command injection vulnerability in Telesquare SDT-CW3B1 1.1.0, allowing remote command execution via a crafted HTTP request to the admin.cgi endpoint. The exploit uses the pocsuite3 framework to verify and exploit the vulnerability.
Nuclei Templates (1)
html:"SDT-CW3B1"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H