漏洞描述
HWL-2511-SS 是 Hytec Inter 公司的一款工业级 LTE 路由器,可用于远程数据传输,例如收集传感器数据和检查监控摄像头图像。1.05版本及以下的所有 Hytec Inter HWL-2511-SS设备存在命令注入漏洞,未经身份验证的攻击者可利用该漏洞进行命令注入漏洞攻击,成功利用该漏洞允许攻击者以 root 权限在底层操作系统上执行任意命令。
Hytec Inter HWL-2511-SS 命令注入漏洞(CVE-2022-36553)
PoC代码
暂无相关漏洞推荐
- 新中大ERP企业管理软件 /filesrv/NGInterface/Index SQL 注入漏洞
- spon-ip-intercom-file-read: Spon Ip Intercom File Read
- POC CVE-2018-2392: SAP Internet Graphics Server (IGS) - XML External Entity Injection
- POC CVE-2020-12447: Onkyo TX-NR585 Web Interface - Directory Traversal
- POC CVE-2020-2036: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting
- POC CVE-2021-41569: SAS/Internet 9.4 1520 - Local File Inclusion
- POC CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC CVE-2022-23779: Zoho ManageEngine - Internal Hostname Disclosure
- POC CVE-2022-36553: Hytec Inter HWL-2511-SS - Remote Command Execution
- POC CVE-2022-48197: Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting
- POC CVE-2023-37265: CasaOS < 0.4.4 - Authentication Bypass via Internal IP
- POC CVE-2023-43323: mooSocial 3.1.8 - External Service Interaction
- POC CVE-2024-0012: PAN-OS Management Web Interface - Authentication Bypass