CVE-2024-22547

MEDIUM

WayOS IBR-7150 < 17.06.23 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22547. PoCs published by WarmBrew.

AI-analyzed exploit summary This repository contains detailed technical writeups for multiple CVEs, including CVE-2024-28257, which involves a command injection vulnerability in Admin.NET's task scheduling feature. The writeup includes code snippets, screenshots, and step-by-step exploitation details.

Description

WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).

Exploits (1)

github WRITEUP 3 stars

by WarmBrew · poc

https://github.com/WarmBrew/web_vul/tree/main/wayos/CVE-2024-22547.md

View Code ZIP pw:eip

This repository contains detailed technical writeups for multiple CVEs, including CVE-2024-28257, which involves a command injection vulnerability in Admin.NET's task scheduling feature. The writeup includes code snippets, screenshots, and step-by-step exploitation details.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Admin.NET <1.0.13

Auth required

Prerequisites: Default credentials (superadmin/123456) · Access to task scheduling feature

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Broken Link

https://github.com/WarmBrew/web_vul/blob/main/wayos/wayos.md

Scores

CVSS v3 4.7

EPSS 0.0037

EPSS Percentile 29.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

wayos/ibr-7150_firmware < 17.06.23

Published Feb 22, 2024

Tracked Since Feb 18, 2026