.. / CVE-2022-36553

Exploit for Hytec Inter HWL-2511-SS - Remote Command Execution (CVE-2022-36553)

Description:

Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.

Nuclei Template

View the template here CVE-2022-36553.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-36553.yaml
Copy

References:

https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.pdf
https://gist.github.com/Nwqda/b27418ab801eb0b9cdbe8d042cb0249b
https://hytec.co.jp/eng/products/our-brand/hwl-2511-ss.html
https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/cellular-router-rce.yaml
https://nvd.nist.gov/vuln/detail/CVE-2022-36553