AirLink101 SkyIPCam1620W - RCE (CVE-2015-2280)
Exploiting IPs reported: 1
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
CrowdSec analysis
CVE-2015-2280 is a remote code execution vulnerability affecting the AirLink101 SkyIPCam network camera. The vulnerability allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
CrowdSec has been tracking this vulnerability and its exploits since the 2nd of July 2025.
Based on data from the CrowdSec network, nearly all observed exploitation of CVE-2015-2280 is fully opportunistic, with attackers indiscriminately scanning the entire internet. These attacks are automated and lack any form of target selection or reconnaissance. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2015-2280 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2015-2280 continues to be an active part of the threat landscape and will likely remain this way for the foreseeable future.
Observed exploitation targets the /maker/snwrite.cgi endpoint and its mac parameter.
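A defender-side check for the pattern described above, as an added example that is not CrowdSec's detection rule or code from this page: it scans access-log lines for requests to /maker/snwrite.cgi whose mac value is not a plain MAC address. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

ENDPOINT = "/maker/snwrite.cgi"  # path named in the observed exploitation
# Assumption: common/combined access-log format from a proxy in front of the camera.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# Allow-list: 12 hex digits, optionally separated by ':' or '-'.
VALID_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}")

def mac_values(query):
    """Yield every decoded 'mac' value; split on '&' only so ';' stays in the value."""
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name).lower() == "mac":
            yield unquote_plus(value)

def scan(lines):
    """Return (client_ip, decoded_mac) for endpoint requests whose mac is not a MAC address."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log request line
        try:
            parts = urlsplit(m.group("target"))
        except ValueError:
            continue  # malformed request target
        if unquote(parts.path).lower() != ENDPOINT:
            continue
        for value in mac_values(parts.query):
            if not VALID_MAC_RE.fullmatch(value):
                hits.append((m.group("ip"), value))
                break
    return hits

# Constructed sample lines (documentation IP ranges, placeholder text after the metacharacter).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jul/2025:10:00:01 +0000] "GET /maker/snwrite.cgi?mac=001122334455%3Bplaceholder HTTP/1.1" 401 0',
    '192.0.2.10 - admin [02/Jul/2025:10:00:05 +0000] "GET /maker/snwrite.cgi?mac=00:11:22:33:44:55 HTTP/1.1" 200 12',
    '192.0.2.44 - - [02/Jul/2025:10:00:09 +0000] "GET /index.html?mac=x%7Cy HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jul/2025:10:00:12 +0000] "GET /maker/snwrite.cgi?mac=1234|placeholder HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-MAC value to {ENDPOINT}: {value!r}")
```

The check validates against an allow-list of MAC formats instead of enumerating shell metacharacters, so any unexpected value is flagged. It only sees the query string; a mac parameter carried in a request body does not appear in access logs and needs proxy or WAF inspection.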
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.