vendor:
130-SLC Router
by:
Aryan Chehreghani
9,8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: 130-SLC Router
Affected Version From: All Version
Affected Version To: All Version
Patch Exists: Yes
Related CWE: N/A
CPE: h:seowonintech:130-slc_router
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 Enterprise x64, Linux
2021
Seowon 130-SLC router – ‘queriesCnt’ Remote Code Execution (Unauthenticated)
A vulnerability in Seowon 130-SLC router allows an unauthenticated attacker to execute arbitrary commands without authentication as admin user. To exploit this vulnerability, the attacker only needs to enter the router IP and port (if available) in the request. The result of the request is visible on the browser page.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should update their devices to the latest version.