CVE-2022-50909

HIGH

Algo 8028 Control Panel <3.3.3 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50909. PoCs published by Filip Carlsson.

AI-analyzed exploit summary This exploit demonstrates an authenticated command injection vulnerability in Algo 8028 Control Panel version 3.3.3. It leverages improper input sanitization in the 'fm-data.lua' endpoint to execute arbitrary commands as root.

Description

Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request.

Exploits (1)

exploitdb WORKING POC
by Filip Carlsson · pythonremotehardware
https://www.exploit-db.com/exploits/50960

This exploit demonstrates an authenticated command injection vulnerability in Algo 8028 Control Panel version 3.3.3. It leverages improper input sanitization in the 'fm-data.lua' endpoint to execute arbitrary commands as root.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Algo 8028 Control Panel 3.3.3
Auth required
Prerequisites: Network access to the target · Valid credentials for the Algo 8028 Control Panel
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0210
EPSS Percentile 79.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
Algo Solutions/Algo 8028 3.3.3
Published Jan 13, 2026
Tracked Since Feb 18, 2026