CVE-2017-17309 PoC — Huawei HG255s-10 路径遍历漏洞

Source

Associated Vulnerability

Description

🚀 Server Directory Traversal at Huawei HG255s ☄️ - CVE-2017-17309 🚀

Readme

### Server Directory Traversal at Huawei HG255s - CVE-2017-17309

![huawei](https://user-images.githubusercontent.com/15425071/31989903-489b48fa-b97c-11e7-8698-ea794276d08a.png)

<p align="center">
  <img src="https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg"> <img src="https://img.shields.io/github/stars/exploit-labs/huawei_hg255s_exploit?style=social"> <img src="https://img.shields.io/github/forks/exploit-labs/huawei_hg255s_exploit?style=social"> <img src="https://img.shields.io/github/repo-size/exploit-labs/huawei_hg255s_exploit"> <img src="https://img.shields.io/github/license/exploit-labs/huawei_hg255s_exploit"> <img src="https://img.shields.io/github/issues/detail/author/exploit-labs/huawei_hg255s_exploit/1">
</p>

##### Letter of Thanks

![letterofthanks](https://user-images.githubusercontent.com/15425071/31990117-d75894e4-b97c-11e7-8275-6909a6b47b48.png)

#### Exploit Title: [Server Directory Traversal at Huawei HG255s]

#### Exploit Author: [Ismail Tasdelen]

#### CVE : CVE-2017-17309

#### Vendor Homepage: [[www.huawei.com](https://www.huawei.com)]
 
#### Software Link: [Not published this modem just used by Turkey]
 
#### Version: [V100R001C163B025SP02]

![cve-2017-17309](https://user-images.githubusercontent.com/15425071/39086966-c989b58a-45a1-11e8-9a7e-abbb34393ba9.PNG)

##### Finding Vulnerabilities and Approved Exploits

* [Server Directory Traversal at Huawei HG255s - 1](https://github.com/ismailtasdelen/huawei_hg255s_exploit/blob/master/exploit/huawei_hg255_exploit_1.txt)

* [Server Directory Traversal at Huawei HG255s - 2](https://github.com/ismailtasdelen/huawei_hg255s_exploit/blob/master/exploit/huawei_hg255_exploit_2.txt)

* [Server Directory Traversal at Huawei HG255s - 3](https://github.com/ismailtasdelen/huawei_hg255s_exploit/blob/master/exploit/huawei_hg255_exploit_3.txt)

##### References :

* https://www.vulnerability-lab.com/get_content.php?id=2099
* https://www.vulnerability-lab.com/get_content.php?id=2100
* https://cxsecurity.com/issue/WLB-2017120035
* https://hackertor.com/2017/12/06/huawei-hg255s-server-directory-traversal/
* https://www.exploit-database.net/?id=94806
* https://github.com/ismailtasdelen/huawei_hg255s_exploit
* http://www.huawei.com/en/psirt/security-notices/huawei-sn-20170911-01-hg255s-en
* https://nvd.nist.gov/vuln/detail/CVE-2017-17309
* https://www.cvedetails.com/cve/CVE-2017-17309/
* https://vuldb.com/?id.119545
* https://vulners.com/cve/CVE-2017-17309
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17309

File Snapshot

 [4.0K]  /data/pocs/3515b60c980d73bb7eb27298b0d0b42abba05704
├── [4.0K]  exploit
│   ├── [ 536]  huawei_hg255_exploit_1.txt
│   ├── [ 537]  huawei_hg255_exploit_2.txt
│   └── [ 537]  huawei_hg255_exploit_3.txt
├── [1.0K]  LICENSE
├── [2.5K]  README.md
└── [4.0K]  tools
    └── [   1]  hg255s_attack.py

2 directories, 6 files

Remarks