CVE-2023-33617

HIGH

Parks Fiberlink 210 <V2.1.14_X000 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-33617. PoCs published by Chocapikk, tucommenceapousser, mdelaclaire.

AI-analyzed exploit summary This repository contains a Python-based exploit for CVE-2023-33617, an authenticated OS command injection vulnerability in Parks FiberLink 210 routers running firmware version V2.1.14_X000. The tool uses Shodan and ZoomEye APIs to discover vulnerable targets and exploits the vulnerability via the `/boaform/admin/formPing` endpoint.

Description

An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.

Exploits (3)

nomisec WORKING POC 2 stars
by Chocapikk · poc
https://github.com/Chocapikk/CVE-2023-33617

This repository contains a Python-based exploit for CVE-2023-33617, an authenticated OS command injection vulnerability in Parks FiberLink 210 routers running firmware version V2.1.14_X000. The tool uses Shodan and ZoomEye APIs to discover vulnerable targets and exploits the vulnerability via the `/boaform/admin/formPing` endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Parks FiberLink 210 routers firmware V2.1.14_X000
Auth required
Prerequisites: Shodan/ZoomEye API keys · Valid credentials for the target router (default: admin/parks) · Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by tucommenceapousser · poc
https://github.com/tucommenceapousser/CVE-2023-33617

This repository contains a Python-based exploit for CVE-2023-33617, an authenticated OS command injection vulnerability in Parks FiberLink 210 routers running firmware version V2.1.14_X000. The tool uses Shodan and ZoomEye APIs to discover vulnerable targets and exploits the vulnerability by injecting commands via the router's ping functionality.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Parks FiberLink 210 routers firmware V2.1.14_X000
Auth required
Prerequisites: Shodan/ZoomEye API keys · Valid credentials for the router (default: admin/parks) · Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →
gitlab WORKING POC
by mdelaclaire · poc
https://gitlab.com/mdelaclaire/CVE-2023-33617

This repository contains a functional exploit for CVE-2023-33617, an authenticated OS command injection vulnerability in Parks FiberLink 210 routers. The exploit leverages Shodan/ZoomEye APIs to discover vulnerable targets and executes arbitrary commands via crafted HTTP requests to the router's admin interface.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Parks FiberLink 210 routers (firmware V2.1.14_X000)
Auth required
Prerequisites: Shodan/ZoomEye API keys · default credentials (admin:parks) · network access to vulnerable routers
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.2
EPSS 0.0524
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
eparks/fiberlink_210_firmware 2.1.14_x000
Published May 23, 2023
Tracked Since Feb 18, 2026