EIP-2026-101562

The exploit demonstrates authenticated command injection vulnerabilities in Beward N100 IP Camera via the 'TimeZone' and 'ServerName' parameters in the 'servetest' CGI endpoint, allowing root remote code execution. The PoC uses curl commands to inject arbitrary system commands (e.g., 'id') into these parameters, confirming successful execution with the returned output.