Hytec Inter HWL-2511-SS - RCE (CVE-2022-36553)
386Exploiting IPs reported
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
CrowdSec analysis
CVE-2022-36553 is a command injection vulnerability in Hytec Inter HWL-2511-SS, allowing remote attackers to execute arbitrary commands through a CGI component.
CrowdSec has been tracking this vulnerability and its exploits since 10th of March 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2022-36553 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2022-36553 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2022-36553 continues to be an active part of the threat landscape and will likely remain this way for the forseeable future.
Exploitation attempts are typically directed at paths containing /cgi-bin/popen.cgi.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.