CVE-2021-45466
published 2022-12-26CVE-2021-45466: In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
55.34%
98.9th percentile
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| control-webpanel | webpanel | < 0.9.8.1107 | 0.9.8.1107 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for crafted HTTP requests targeting the CWP API endpoint api/?api=add_server&DHCP= which attempts to write an authorized_keys file into the /resources/ directory. ↗
- →Monitor for access from known malicious IPs (206.189.170.136, 185.117.73.208, 157.230.62.113, 180.183.132.35) associated with exploitation attempts of CWP vulnerabilities including CVE-2021-45466. ↗
- →CVE-2021-45466 is chained with CVE-2021-45467 to achieve pre-authenticated remote code execution; detection should account for both vulnerabilities being exploited together. ↗
- ·The vulnerability affects CWP versions before 0.9.8.1107; ensure version detection covers this specific boundary when scanning for vulnerable instances. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know | Wiz Blog
blogs_wiz·2023-01-17·CVSS 9.8
CVE-2022-44877 [CRITICAL] CVE-2022-44877, critical RCE in CentOS Control Web Panel exploited in the wild: everything you need to know | Wiz Blog
CVE-2022-44877, a critical RCE vulnerability in Control Web Panel 7 (also known as CentOS Web Panel), has been reportedly exploited in the wild. The vulnerability could allow an unauthenticated attacker to escalate privileges and execute code remotely on susceptible servers. Although the vulnerability was published and assigned a CVE on January 6, a fix has been available since October 25, 2022. It was assigned a CVSS score of 9.8.
Exploitation attempts reportedly began around January 6, closely following the publication of a public proof of concept.
## What is CVE-2022-44877?
In unpatched versions of CWP, there is a flaw that allows the execution of Bash commands if double quotation marks are used when logging incorrect entries into the system. This flaw could enable an attacker to exe
Checkpoint
24th January– Threat Intelligence Report
blogs_checkpoint·2022-01-24
CVE-2021-44757 24th January– Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 24th January– Threat Intelligence Report
For the latest discoveries in cyber research for the week of 24th January, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
A new cyber-espionage campaign by the Arabic-speaking APT group Molerats (aka Gaza Cybergang) has been targeting victims in the Middle East, specifically high-profile targets in the banking, NGOs and political sectors in Palestine and Turkey. The group leverages cloud services like Google Drive or Dropbox to host malicious
2022-12-26
Published