all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-27226: CSRF to RCE in iRZ Mobile Routers through 2022-03-16

Add to bookmarks
March 18, 2022, 11 p.m. |

John J Hacking johnjhacking.com

Credits Vulnerability Discovery
John Jackson
Chris Mack
Exploit Development
Stephen Chavez
Robert Willis
Identification Default credentials were discovered on an iRZ Mobile Router login page. Utilizing root:root gave us access to the administrative functionality for the device. Having administrative access allows for various manipulation. Any setting that can be modified by an administrator was accessible, but the function that caught specific interest was the “Crontabs” feature in the services tab.

csrf cve cve-2022-27226 mobile rce routers

Visit resource

More from johnjhacking.com / John J Hacking

CVE-2023-24068 && CVE-2023-24069: Abusing Signal Desktop Client for fun and for Espionage 1 year, 3 months ago | johnjhacking.com
abusing attachments chat client +10
OSCP Reborn - 2023 Exam Preparation Guide 1 year, 4 months ago | johnjhacking.com
exam guide oscp preparation
Stealing Data with Zix - Bypassing Data Loss Prevention Policies 1 year, 8 months ago | johnjhacking.com
bypassing data data loss data loss prevention +4
Stealing Data with Zix - Bypassing Data Loss Prevention Policies 1 year, 8 months ago | johnjhacking.com
bypassing data data loss data loss prevention +4
Spear Phishing with Zix: An Undisclosed Red Team Method for the Hungry APT 1 year, 10 months ago | johnjhacking.com
apt phishing red team spear phishing +1
The Ultimate CRTO Preparation Guide 2 years ago | johnjhacking.com
guide preparation
An Open Letter to the Japanese Government on Cybersecurity 2 years ago | johnjhacking.com
cybersecurity government
CVE-2022-27226: CSRF to RCE in iRZ Mobile Routers through 2022-03-16 2 years, 1 month ago | johnjhacking.com
csrf cve cve-2022-27226 mobile +2

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs