CVE-2015-6024 is a critical command-injection issue in NetCommWireless HSPA 3G10WVE router firmware affecting ping.cgi. The supplied description says remote authenticated users can trigger arbitrary command execution by injecting shell metacharacters into DIA_IPADDRESS. Because this is on a router management path, exposed or weakly protected admin access can translate into full device compromise.
This issue affects NetCommWireless HSPA 3G10WVE routers running vulnerable firmware and involves ping.cgi accepting a direct request that bypasses intended access restrictions. NVD rates it as network-exploitable with no authentication or user interaction required, and the supplied description says it can be combined with CVE-2015-6024 to execute arbitrary commands. If these routers are still deployed and [truncated]
