cbcvebase.
CVE-2015-6024
published 2017-02-09

CVE-2015-6024: ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute…

PriorityP273critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
26.10%
97.7th percentile
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
netcommwirelesshspa_3g10wve_firmware

Detection & IOCsextracted from sources · hover to see the quote

urlhttp(s):///ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd
path/ping.cgi
commandDIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd
  • Monitor HTTP requests to ping.cgi containing shell metacharacters (e.g., semicolons, pipes) in the DIA_IPADDRESS parameter, indicating command injection attempts.
  • Detect unauthenticated access attempts to ping.cgi, as the authentication bypass (CVE-2015-6023) may be chained with this command injection to allow anonymous exploitation.
  • Flag requests to ping.cgi where DIA_IPADDRESS contains characters such as ';', '|', '`', or URL-encoded equivalents (%3B, %7C, %60).
  • ·The vulnerability affects firmware version 3G10WVE-L101-S306ETS-C01_R03 and earlier; version R05 contains the patch. Verify firmware version before applying detection rules to avoid false positives on patched devices.
  • ·The patch was vendor-verified only; independent verification of the fix in firmware R05 has not been confirmed by the researcher.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.