CVE-2022-37780: Phicomm_Router/Tracert_1.md at main · SLoSnow9879/Phicomm_Router
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function.
The FIR151B A2, FIR302E A2, FIR300B A2 and other routers are affected by remote command execution.
1. Log in to the Feixun FIR151B A2 router with the default password admin / admin.
2. Find system tool → system diagnosis → Tracert → IP address / domain name. The remote command execution is in Tracert.
3. Enter a website IP in the IP address / domain name field, for example: 8.8.8.8
4. Click Start diagnosis.
5. Intercept the request with Burp Suite, change the pingAddr argument to 8.8.8.8|ls, and forward the request.
6. Look at the diagnostic results. The command has been executed successfully.