Panabit PAP-XM320 Command Injection Vulnerability in Web Management Interface

Vulnerability

A command injection vulnerability has been identified in Panabit PAP-XM320 versions up to and including V7.7. The issue arises in the web management interface, which calls a backend helper and transmits user-controlled parameters. This helper processes arguments unsafely using eval, creating an opportunity for command injection when attacker-controlled input is included. Consequently, an authenticated remote attacker with access to the management interface could execute arbitrary shell commands.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected system.

Added: May 19, 2026, 5:27 PM

Updated: May 19, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Panabit PAP-XM320 Command Injection Vulnerability in Web Management Interface

Vulnerability

Impact

Affected Products

Panabit PAP-XM320

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating