CVE-2022-37661

CRITICAL EXPLOITED

SmartRG SR506n 2.5.15 and SR510n 2.6.13 - Remote Code Execution via Ping Host Feature

Title source: llm

Exploitation Summary

CVE-2022-37661 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Yerodin Richards.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in SmartRG routers (CVE-2022-37661) by leveraging the ping functionality to execute arbitrary commands. It establishes a reverse shell via netcat after extracting a session key from the router's admin interface.

Description

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.

Exploits (1)

exploitdb · WORKING POC
by Yerodin Richards · python · remote · hardware
https://www.exploit-db.com/exploits/51031

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: SmartRG Router SR510n (2.6.13) and SR506n (2.5.15)
Auth required
Prerequisites: Network access to the router's admin interface · Valid admin credentials (hardcoded in exploit) · Netcat installed on attacker's machine
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.3619
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-11-24
Status published
Products (2)
adtran/sr506n_firmware 2.5.15
adtran/sr510n_firmware 2.6.13
Published Sep 14, 2022
Tracked Since Feb 18, 2026