High severity8.8NVD Advisory· Published Jan 13, 2026· Updated Apr 15, 2026
CVE-2022-50909
CVE-2022-50909
Description
Algo 8028 Control Panel version 3.3.3 contains a command injection vulnerability in the fm-data.lua endpoint that allows authenticated attackers to execute arbitrary commands. Attackers can exploit the insecure 'source' parameter by injecting commands that are executed with root privileges, enabling remote code execution through a crafted POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 3.3.3
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.