Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
iRZ Mobile Routers 跨站请求伪造漏洞
Vulnerability Description
iRZ Mobile Routers是俄罗斯iRZ公司的一系列移动路由器。 iRZ Mobile Routers 的 /api/crontab 中存在安全漏洞,攻击者可利用该漏洞在路由器管理面板中创建 crontab 条目,cronjob将在攻击者定义的时间间隔内执行条目,从而导致远程代码执行,从而获得文件系统访问权限。
CVSS Information
N/A
Vulnerability Type
N/A