module
AwindInc SNMP Service Command Injection
| Disclosed |
|---|
| Mar 27, 2019 |
Disclosed
Mar 27, 2019
Description
This module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection.
A valid SNMP read-write community is required to exploit this vulnerability.
The following devices are known to be affected by this issue:
* Crestron Airmedia AM-100 * Crestron Airmedia AM-101 * Awind WiPG-1600w * Awind WiPG-2000d * Barco wePresent 2000 * Newline Trucast 2 * Newline Trucast 3
A valid SNMP read-write community is required to exploit this vulnerability.
The following devices are known to be affected by this issue:
* Crestron Airmedia AM-100 * Crestron Airmedia AM-101 * Awind WiPG-1600w * Awind WiPG-2000d * Barco wePresent 2000 * Newline Trucast 2 * Newline Trucast 3
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.