Showing 1 - 1 of 1

CVE-2022-27226

Status Candidate

Overview

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.

Related Files

iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution: Posted Mar 22, 2022; Authored by Robert Willis, Stephen Chavez; iRZ mobile routers versions RU21, RU21w, RL21, RU41, and RL01 suffer from a cross site request forgery vulnerability that can enable remote code execution.; tags | exploit, remote, code execution, csrf; advisories | CVE-2022-27226; SHA-256 | 9f87d1b4dfcf65a7a815809793fabfafcaf1d56d194ef000382ae92167e751d7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 274 files
indoushka 183 files
Ubuntu 92 files
Gentoo 32 files
Debian 18 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,130)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,401)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,885)
UNIX (9,462)
UnixWare (188)
Windows (6,782)
Other

CVE-2022-27226

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems