CVE-2023-33782 PoC — D-Link DIR-842 Command Injection Vulnerability

Source
Associated Vulnerability
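Title: D-Link DIR-842 Command Injection Vulnerability (CVE-2023-33782)
Description: The D-Link DIR-842 is a wireless router from China's D-Link (友讯). D-Link DIR-842V2 version 1.0.3 contains a security vulnerability that stems from a command injection flaw.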
Readme
# CVE-2023-33782

## Description
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability in the `iperf3` diagnostics functionality.

## Proof of concept
![Proof Of Concept](./images/execute_exploit.png)

## Timeline
* Dec 09, 2022 - Contact vendor
* Dec 09, 2022 - Received response from vendor
* Dec 10, 2022 - Sent vulnerability report to vendor
* Feb 09, 2023 - Requested a status update from vendor
* Mar 29, 2023 - Requested a status update from vendor
* Mar 29, 2023 - Received a status update
* Mar 31, 2023 - Received a potentially fixed firmware from vendor
* Apr 03, 2023 - Reported that the new firmware does not fix the vulnerability
* Apr 06, 2023 - Received response from vendor
* May 25, 2023 - Assigned CVE
* Jun 03, 2023 - Published exploit
File Snapshot

[4.0K] /data/pocs/2a80f35259cac3574ccf76696311ce46cbe6075a
├── [5.2K] exploit.py
├── [4.0K] images
│   └── [ 83K] execute_exploit.png
└── [ 785] README.md

1 directory, 3 files