CVE-2022-27226

HIGH EXPLOITED IN THE WILD

IRZ Ru21 Firmware < 2022-03-16 - CSRF

Title source: rule

Description

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

Exploits (2)

exploitdb WORKING POC

by John Jackson · pythonremotehardware

https://www.exploit-db.com/exploits/50832

View Code ZIP pw:eip

nomisec WORKING POC 15 stars

by SakuraSamuraii · poc

https://github.com/SakuraSamuraii/ez-iRZ

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166396/iRZ-Mobile-Router-Cross-Site-Request-Forgery-Remote-Code-Execution.html

[Product] https://en.irz.ru

[Exploit, Third Party Advisory] https://github.com/SakuraSamuraii/ez-iRZ

[Exploit, Third Party Advisory] https://johnjhacking.com/blog/cve-2022-27226/

Scores

CVSS v3 8.8

EPSS 0.0319

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-04-12

InTheWild.io 2022-05-30

CWE

CWE-352

Status published

Products (5)

irz/rl01_firmware < 2022-03-16

irz/rl21_firmware < 2022-03-16

irz/ru21_firmware < 2022-03-16

irz/ru21w_firmware < 2022-03-16

irz/ru41_firmware < 2022-03-16

Published Mar 19, 2022

Tracked Since Feb 18, 2026