Algo · Algo 8028 Control Panel · CVE-2022-50909
**Name of the Vulnerable Software and Affected Versions**
Algo 8028 Control Panel version 3.3.3
**Description**
Algo 8028 Control Panel version 3.3.3 has a command injection issue in the `fm-data.lua` endpoint. Authenticated attackers can execute arbitrary commands by exploiting the insecure `source` parameter. A crafted POST request allows attackers to inject commands that are executed with root privileges, enabling remote code execution.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
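
With no fixed version identified, one compensating control is to screen requests to `fm-data.lua` before they reach the device, or to review captured requests after the fact. The check below is an added example, not code from the vendor or from this advisory; it assumes the POST body is form-encoded and that a legitimate `source` value is a plain file path, and the URL prefix and file names in the samples are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: a legitimate `source` is a plain path made of these characters.
# Anything outside the allowlist (shell metacharacters, spaces, '%') is flagged.
SAFE_SOURCE = re.compile(r"[A-Za-z0-9_./-]{1,255}")


def check_request(method, url, body):
    """Return a list of findings for one HTTP request; an empty list means nothing to report."""
    if method.upper() != "POST":
        return []
    if not urlsplit(url).path.endswith("fm-data.lua"):
        return []
    # parse_qsl percent-decodes once, so encoded metacharacters are inspected
    # decoded, and double-encoded ones still fail because '%' is not allowed.
    params = parse_qsl(body, keep_blank_values=True)
    sources = [value for key, value in params if key == "source"]
    findings = []
    if len(sources) > 1:
        # Repeated parameters can be read differently by a filter and the backend.
        findings.append("source parameter repeated")
    for value in sources:
        if not SAFE_SOURCE.fullmatch(value):
            findings.append("source outside allowlist: %r" % value)
    return findings


# Constructed sample requests (method, URL, body); not captured traffic.
SAMPLES = [
    ("POST", "/example/fm-data.lua", "action=rename&source=/mnt/tones/chime.wav"),
    ("POST", "/example/fm-data.lua", "action=rename&source=chime.wav%3Bx"),
    ("POST", "/example/fm-data.lua", "source=chime.wav%253Bx"),
    ("POST", "/example/fm-data.lua", "source=a.wav&source=b.wav"),
    ("POST", "/example/other.lua", "source=chime.wav%3Bx"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        result = check_request(method, url, body)
        print(url, body, "->", result if result else "ok")
```

A non-empty result is a reason to block or alert on the request. Restricting access to the control panel to trusted management hosts remains the stronger control, because the allowlist rests on an assumed parameter format.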