Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-30013 PoC — TOTOLINK X5000R 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-30013.yaml
Associated Vulnerability
Title:TOTOLINK X5000R 操作系统命令注入漏洞 (CVE-2023-30013)
Description:TOTOLINK X5000R是中国吉翁电子(TOTOLINK)公司的一个路由器。 TOTOLINK X5000R V9.1.0u.6118_B20201102和V9.1.0u.6369_B20230113 版本存在安全漏洞,该漏洞源于setting/setTracerouteCfg存在命令注入,攻击者利用该漏洞可以通过command参数执行任意命令。
Description
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.
File Snapshot

 id: CVE-2023-30013

info:
  name: TOTOLink - Unauthenticated Command Injection
  author: gy741
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.