PROLiNK PRC2402M Satellite List Page Allows Attacker Command Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

10.0

PROLiNK PRC2402M Satellite List Page Allows Attacker Command Injection

CVE-2021-35402

Summary

A security issue in PROLiNK PRC2402M's satellite list page allows an attacker to inject malicious commands. This could potentially allow an attacker to access or modify sensitive system files. Update the device to the latest version to fix this issue.

Original title

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

Original description

PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

nvd CVSS3.1 10.0

Vulnerability type

CWE-78 OS Command Injection

https://starlabs.sg/advisories/21/21-35402/

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026