Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25280 PoC — D-Link DIR820LA1 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-25280.yaml
Associated Vulnerability
Title:D-Link DIR820LA1 操作系统命令注入漏洞 (CVE-2023-25280)
Description:D-Link DIR820LA1是中国友讯(D-Link)公司的一款路由器。 D-Link DIR820LA1_FW105B03版本存在安全漏洞,该漏洞源于存在操作系统命令注入漏洞,攻击者利用该漏洞可以通过精心设计的有效载荷将权限提升到root。
Description
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
File Snapshot

 id: CVE-2023-25280

info:
  name: D-Link DIR820LA1_FW105B03 'ping_addr' - OS Command Injection
  aut

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.