Oiwtech OIW-2431APGN-HP Command Injection Vulnerability in Personal Script Submenu

Vulnerability

A critical command injection vulnerability has been identified in Oiwtech OIW-2431APGN-HP version 2.5.3-B20131128. The issue arises in the Personal Script Submenu, specifically within the file '/boafrm/formScript'. This vulnerability allows remote attackers to execute operating system commands by injecting malicious input that is not properly sanitized before being processed.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the underlying operating system.

Reproduction

To reproduce this vulnerability, authenticate on the web management interface of the affected Oiwtech device. Navigate to the 'Management' menu and select the 'Personal Script' submenu. Once there, use the script input to inject a command that initiates a reverse shell, directing the output to an external server. This command will be executed by the system, effectively compromising the device.
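For detection, the exposure can be watched from the network side. The following is an added example, not part of the original advisory or of any vendor code: it scans web request logs for POSTs to '/boafrm/formScript' and escalates those that come from outside the expected management hosts. It assumes a reverse proxy or sensor in front of the device that writes Common Log Format lines; the admin range, the sample log lines and all function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

SCRIPT_ENDPOINT = "/boafrm/formscript"  # advisory's endpoint, lower-cased for comparison
# Assumption: the only hosts expected to administer the device (constructed range).
ADMIN_NETS = [ipaddress.ip_network("192.168.1.0/28")]

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = [
    '192.168.1.5 - - [09/Jun/2025:10:01:12 +0000] "GET /home.htm HTTP/1.1" 200 5120',
    '192.168.1.5 - - [09/Jun/2025:10:02:40 +0000] "POST /boafrm/formScript HTTP/1.1" 302 0',
    '203.0.113.77 - - [09/Jun/2025:23:14:03 +0000] "POST /boafrm//formScript?x=1 HTTP/1.1" 302 0',
    '203.0.113.77 - - [09/Jun/2025:23:14:09 +0000] "GET /boafrm/formScript HTTP/1.1" 200 0',
]

def normalize(target):
    """Drop the query string, percent-decode, collapse '//' and lower-case the path."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).rstrip("/").lower()

def from_admin_net(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # an unparsable client field is never treated as trusted
    return any(addr in net for net in ADMIN_NETS)

def find_script_posts(lines):
    """Return (severity, client, time) for every POST that reached the script form."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize(m["target"]) != SCRIPT_ENDPOINT:
            continue
        # Script changes are rare: review them all, escalate unknown sources.
        severity = "review" if from_admin_net(m["client"]) else "high"
        findings.append((severity, m["client"], m["time"]))
    return findings

if __name__ == "__main__":
    for finding in find_script_posts(SAMPLE_LOG):
        print(*finding)
```

Path normalization is done before matching so that a doubled slash, a query string or percent-encoding in the request target does not hide a submission from the check.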

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.