CVE-2024-55211 PoC — Think Router Tk-Rt-Wr135G Security Vulnerability

Associated Vulnerability
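Title: Think Router Tk-Rt-Wr135G Security Vulnerability (CVE-2024-55211)
Description: Think Router Tk-Rt-Wr135G is a router made by Think. Think Router Tk-Rt-Wr135G version V3.0.2-X000 contains a security vulnerability that stems from an authentication bypass, which can be achieved with a specially crafted cookie.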
Description
Cookie-based authentication vulnerability on Tk-Rt-Wr135G
Readme
# CVE-2024-55211
Cookie-based authentication vulnerability on Tk-Rt-Wr135G

# Affected vendor
Think Technology

# Affected product
Wireless Router Ac 1200Mbps Tk-Rt-Wr135G

# Affected version
Firmware V3.0.2-X000

# Description
The vulnerability allows an attacker to bypass the login form of the TK-RT-WR135G router and change any of the router's configuration settings.
This is made possible by changing the value of the LoginStatus cookie from its initial value of "false" to "true", which leaves the user logged in for a set period of time.
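
The flaw described above, modelled as an added example (not the router's firmware and not the PoC author's code): a login check that trusts the client-set `LoginStatus` flag, next to one that keeps login state on the server. The `SID` cookie name, the `SessionStore` class and the 600-second lifetime are assumptions for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie


def cookie_value(header: str, name: str) -> str:
    """Return one cookie's value from a raw Cookie request header ('' if absent)."""
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else ""


def is_logged_in_weak(cookie_header: str) -> bool:
    # Pattern from the description: the login state is a flag stored in the
    # browser, so whoever controls the browser controls the answer.
    return cookie_value(cookie_header, "LoginStatus") == "true"


class SessionStore:
    """Login state kept on the server; the cookie only carries a random ID."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._expiry = {}          # session id -> expiry timestamp
        self._ttl = ttl_seconds    # assumed lifetime, not taken from the device
        self._clock = clock

    def login(self) -> str:
        # Call only after the password check succeeds (not modelled here).
        sid = secrets.token_urlsafe(32)
        self._expiry[sid] = self._clock() + self._ttl
        return sid                 # sent as: Set-Cookie: SID=<sid>; HttpOnly

    def is_logged_in(self, cookie_header: str) -> bool:
        sid = cookie_value(cookie_header, "SID")  # hypothetical cookie name
        expires = self._expiry.get(sid)
        if expires is None:        # unknown or missing ID: never issued by us
            return False
        if self._clock() >= expires:
            del self._expiry[sid]  # expired sessions are purged, not renewed
            return False
        return True
```

With the server-side store, a `LoginStatus` cookie has no effect on the decision, and only an unexpired ID issued by `login()` is accepted.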

# Exploit
This vulnerability can be exploited via a web browser's console or a cookie inspector.

# Attack vectors
Because any configuration can be changed, the vulnerability enables attack vectors such as DNS hijacking (altering the default DNS server to an arbitrary one hosted on a machine in the LAN with custom DNS rules), custom firmware updates, and direct unauthenticated requests to the router using tools such as curl.

# PoC
https://github.com/user-attachments/assets/e7c26afc-85f3-4f0e-be34-63df5e3084ca