CVE-2023-33381

HIGH

MitraStar GPT-2741GNAC - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33381. PoCs published by duality084.

AI-analyzed exploit summary This repository documents CVE-2023-33381, an OS command injection vulnerability in MitraStar GPT-2741GNAC firmware AR_g5.8_110WVN0b7_2. The vulnerability arises from unsanitized user input in the 'PingIPAddr' parameter, allowing arbitrary command execution via the diagnostic ping functionality.

Description

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.

Exploits (1)

nomisec WRITEUP 13 stars
by duality084 · poc
https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC

This repository documents CVE-2023-33381, an OS command injection vulnerability in MitraStar GPT-2741GNAC firmware AR_g5.8_110WVN0b7_2. The vulnerability arises from unsanitized user input in the 'PingIPAddr' parameter, allowing arbitrary command execution via the diagnostic ping functionality.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: MitraStar GPT-2741GNAC firmware AR_g5.8_110WVN0b7_2
Auth required
Prerequisites: Admin access to the device's web interface · Network access to the device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.2
EPSS 0.2831
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
mitrastar/gpt-2741gnac_firmware ar_g5.8_110wvn0b7_2
Published Jun 06, 2023
Tracked Since Feb 18, 2026