CVE-2020-11896 PoC — Treck TCP/IP stack input validation error vulnerability

Associated Vulnerability
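Title: Treck TCP/IP stack input validation error vulnerability (CVE-2020-11896)
Description: Treck TCP/IP is a TCP (Transmission Control Protocol)/IP (Internet Protocol) suite from the US company Treck, built specifically for embedded systems. Treck TCP/IP stack versions before 6.0.1.66 contain an input validation error vulnerability, which stems from the program not correctly handling a discrepancy in length parameters. An attacker can exploit this vulnerability to execute code.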
Description
RCE exploit for CVE-2020-11896 (Ripple20 IP-in-IP Heap Overflow Vulnerability) targeting Digi Connect ME 9210
Readme
Ripple20 Exploit: Digi Connect ME 9210
======================================

Authors: Moshe Kol, Shlomi Oberman

This repository contains a PoC exploit for CVE-2020-11896, a critical heap-based buffer overflow vulnerability in the Treck TCP/IP stack (part of the Ripple20 vulnerability suite).

The exploit achieves remote code execution (RCE) on a Digi Connect ME 9210 device running NET+OS 7.5. You can find the full write-up [here](https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf).


File Snapshot

[4.0K] /data/pocs/06c61cee2bc5be02c68058aa4ae104340dfeea4e
├── [ 11K] digi_connect_exploit.py
├── [ 194] led_shellcode_arm32be
├── [1.0K] LICENSE
└── [ 541] README.md

0 directories, 4 files