Headline
CVE-2020-23584: GitHub - huzaifahussain98/CVE-2020-23584: REMOTE CODE EXECUTION
Unauthenticated remote code execution in the OPTILINK OP-XT71000N, hardware version V2.2. An attacker passes arbitrary commands after the IP address, joined with "|", in the "PingTest" parameter of /diag_tracert_admin.asp, and the device executes them.
CVE-2020-23584
OPTILINK E-PON, model no. OP-XT71000N, hardware version V2.2, firmware version OP_V3.3.1-191028
Unauthenticated remote code execution on the OPTILINK OP-XT71000N, hardware version V2.2. The issue occurs when the attacker passes arbitrary commands after the IP address, joined with "|", in the "PingTest" parameter of /diag_tracert_admin.asp, which leads to command execution.
TARGET
/diag_tracert_admin.asp
Attack Vector
Pass arbitrary commands after the IP address, joined with "|", to execute them on the device.
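One way to close the injection described above, added here as an example and not taken from the OPTILINK firmware or the author's repository. It assumes the diagnostic only needs IP literals in PingTest; the function names and the `traceroute` program name are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 only if `value` is exactly one IPv4 or IPv6 literal.
 * inet_pton() rejects spaces, "|" and every other character that is not
 * part of an address, so nothing shell-significant survives the check. */
int pingtest_is_valid(const char *value)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (value == NULL || value[0] == '\0' ||
        strlen(value) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, value, buf) == 1 ||
           inet_pton(AF_INET6, value, buf) == 1;
}

/* Fills an argument vector suitable for execv()-style execution, so the
 * value is handed to the program as one argument and never parsed by a
 * shell (unlike building a string for system()).
 * Returns the argument count, or -1 if the value is refused. */
int build_tracert_argv(const char *value, const char *argv[], size_t argc_max)
{
    if (argc_max < 3 || !pingtest_is_valid(value))
        return -1;
    argv[0] = "traceroute";   /* hypothetical program name */
    argv[1] = value;
    argv[2] = NULL;
    return 2;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "192.0.2.1", "2001:db8::1", "192.0.2.1 | id" };
    const char *argv[3];

    for (size_t i = 0; i < 3; i++)
        printf("%-16s -> %s\n", samples[i],
               build_tracert_argv(samples[i], argv, 3) > 0 ? "accepted"
                                                           : "rejected");
    return 0;
}
```

The page also reports that the endpoint is reachable without authentication; input validation does not address that, so the handler would additionally need a session check before it runs any diagnostic.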
REGARDS
Huzaifa Hussain
https://twitter.com/disguised_noob
https://www.linkedin.com/in/huzaifa-hussain-046791179