Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-1389 PoC — TP-LINK Archer AX21 命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-1389.yaml
Associated Vulnerability
Title:TP-LINK Archer AX21 命令注入漏洞 (CVE-2023-1389)
Description:TP-LINK Archer AX21是中国普联(TP-LINK)公司的一款无线路由器。 TP-LINK Archer AX21 1.1.4 Build 20230219之前的固件版本存在安全漏洞,该漏洞源于存在命令注入漏洞,未经身份验证的攻击者利用该漏洞可以通过简单的POST请求注入以root身份运行的命令。
Description
TP-Link Archer AX21 (AX1800) routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root.
File Snapshot

 id: CVE-2023-1389

info:
  name: TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.