CVE-2021-46704 PoC — GenieACS 操作系统命令注入漏洞

Source

https://github.com/Erenlancaster/CVE-2021-46704

Associated Vulnerability

Title:GenieACS 操作系统命令注入漏洞 (CVE-2021-46704)
Description:GenieACS是一款高性能自动配置服务器 (ACS)，用于远程管理启用 TR-069 的设备。 GenieACS 1.2.8之前的版本存在安全漏洞，该漏洞源于输入验证不足以及缺少授权检查造成的，UI接口API很容易通过ping主机参数进行未经身份验证的OS命令注入的攻击。

Description

CVE-2021-46704 Nuclei template

Readme

# OS Command Injection in GenieACS CVE-2021-46704
CVE-2021-46704 Nuclei template


![image](https://github.com/Erenlancaster/CVE-2021-46704/assets/50498704/469be353-f5f5-46fc-9a1f-009997f48156)

## Reference : 
- https://github.com/advisories/GHSA-2877-693q-pj33
- https://nvd.nist.gov/vuln/detail/CVE-2021-46704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46704
- https://debricked.com/vulnerability-database/vulnerability/CVE-2021-46704

File Snapshot


 [4.0K]  /data/pocs/41d83b925aa0480f72828b8472cfc9d904af540a
├── [ 479]  CVE-2021-46704.yaml
└── [ 449]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!