Showing 1 - 1 of 1

CVE-2022-27226

Status Candidate

Overview

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

Related Files

iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution: Posted Mar 22, 2022; Authored by Robert Willis, Stephen Chavez; iRZ mobile routers versions RU21, RU21w, RL21, RU41, and RL01 suffer from a cross site request forgery vulnerability that can enable remote code execution.; tags | exploit, remote, code execution, csrf; advisories | CVE-2022-27226; SHA-256 | 9f87d1b4dfcf65a7a815809793fabfafcaf1d56d194ef000382ae92167e751d7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 119 files
Ubuntu 103 files
Debian 15 files
Rafael Pedrero 11 files
Apple 9 files
Google Security Research 9 files
Abdulhakim Oner 8 files
nu11secur1ty 8 files
Hubert Wojciechowski 6 files
Ivan Fratric 5 files

File Archives

Systems

AIX (426)
Apple (1,960)
BSD (372)
CentOS (56)
Cisco (1,919)
Debian (6,715)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,288)
HPUX (878)
iOS (340)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,153)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,930)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,462)
UNIX (9,208)
UnixWare (185)
Windows (6,533)
Other

CVE-2022-27226

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems