关键信息 Title: Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Advisory ID: ZSL-2022-5706 Type: Local/Remote Impact: System Access, DoS Risk: 4/5 Release Date: 03.05.2022 Summary: HG6是用于Tenda FTTH解决方案的智能路由无源光网络终端,存在认证OS命令注入漏洞。 Description: 通过'pingAddr'和'traceAddr'HTTP POST参数下的formPing, formPing6, formTraceroute和formTraceroute6接口,可以被利用注入和执行任意shell命令。 Vendor: Tenda Technology Co., Ltd. Affected Version: - Firmware version: 3.3.0-210926 - Software version: v1.1.0 - Hardware Version: v1.0 - Check Version: TD_HG6_XPON_TDE_ISP Tested On: Boa/0.93.15 Vendor Status: - [22.04.2022] 漏洞发现 - [26.04.2022] 联系供应商 - [01.05.2022] 供应商无响应 - [03.05.2022] 公开安全公告发布 PoC: tenda_hg6_cmdinj.txt Credits: 发现漏洞的Gjoko Krstic References: - [1] https://packetstormsecurity.com/files/166932/Tenda-HG6-3.3.0-Remote-Command-Injection.html - [2] https://cxsecurity.com/issue/WLB-2022050009 - [3] https://exchange.xforce.ibmcloud.com/vulnerabilities/225715 - [4] https://www.sploitus.com/exploit?id=ZSL-2022-5706 - [5] https://www.exploit-db.com/exploits/50916 - [6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30425 - [7] https://nvd.nist.gov/vuln/detail/CVE-2022-30425 Changelog: - [03.05.2022] - 初始发布 - [09.05.2022] - 添加参考文献[1],[2],[3],[4] - [13.05.2022] - 添加参考文献[5] - [29.05.2022] - 添加参考文献[6],[7]