← back
CVE-2015-2279

CVE-2015-2279

EPSS 17.6%
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.htmlunverifiedcve_referencewww.exploit-db.com/exploits/37532/unverifiedexploitdbwww.exploit-db.com/exploits/37532unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Jul/29https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injectionhttps://www.exploit-db.com/exploits/37532/http://www.securityfocus.com/archive/1/535938/100/0/threadedhttp://www.securityfocus.com/bid/75559