Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-15048

AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An attacker can insert shell metacharacters into the ip parameter to inject and execute arbitrary system commands as the web server user. The initial third-party disclosure in 2016 recommended contacting the vendor for remediation guidance. Additionally, this product may have been rebranded under a different name. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-14 at 04:45:53.510819 UTC.

Published

2025-10-22T15:15:30.923

Last Modified

2025-12-31T13:12:22.987

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amttgroup	hibos	-	Yes

References

https://github.com/adysec/nuclei_poc/blob/49c283b2bbb244c071786a2b768fbdde1b91f38e/poc/remote_code_execution/hiboss-rce_2.yaml#L21 Product ([email protected])
https://wooyun.laolisafe.com/bug_detail.php?wybug_id=wooyun-2016-0181444 Issue Tracking, Exploit, Third Party Advisory ([email protected])
https://www.amttgroup.com/ Product ([email protected])
https://www.cnvd.org.cn/flaw/show/CNVD-2021-37784 Issue Tracking ([email protected])
https://www.vulncheck.com/advisories/amtt-hibos-command-injection-rce-via-server-ping-php Third Party Advisory ([email protected])