从这个网页截图中,可以获取到以下关于漏洞的关键信息: Affected Version DCME-520 Vulnerability Details Description: DCME-520 Multi-core egress gateway is a new generation of high-performance Internet egress gateway for multi-user, multi-traffic and multi-service types. The command execution vulnerability exists in the DCME-520 gateway web management background. Attackers can use this series of vulnerabilities to execute arbitrary code on the device and control the device. Firmware Download Address: https://www.dcnetworks.com.cn/ruanjian.html?title=dcme Code Analysis Vulnerable File: User Controllable Parameters: - - - - - Injection Points Inside the function, these parameters can be controlled by the user. Exploit Details Payload Example: Verification: Log in to the web management background. Accessing the Vulnerability URL URL: http://8363-218-19-14-194.ngrok-free.app/function/audit/newstatistics/mon_merge_stat_hist.php Construction Payload Create the txt file and write the numbers. Send PoC Execution The txt file is created and written successfully.