CVE-2022-29383 PoC — NETGEAR ProSafe SSL VPN firmware FVS336G SQL注入漏洞

Source

https://github.com/badboycxcc/Netgear-ssl-vpn-20211222-CVE-2022-29383

Associated Vulnerability

Title:NETGEAR ProSafe SSL VPN firmware FVS336G SQL注入漏洞 (CVE-2022-29383)
Description:NETGEAR FVS336G是美国网件（NETGEAR）公司的一款VPN（虚拟私人网络）防火墙路由器。 NETGEAR ProSafe SSL VPN firmware FVS336Gv2 和FVS336Gv3版本存在安全漏洞，该漏洞源于cgi-bin/platform.cgi中的USERDBDomains.Domainname缺少过滤转义，攻击者利用该漏洞可进行SQL注入攻击。

Readme

# Netgear-ssl-vpn-20211222
# CVE-2022-29383

## NETGEAR ProSafe  SSL VPN  SQL injection vulnerability exists in scgi-bin/platform.cgi     


## Firmware version： FVS336Gv2 - FVS336Gv3

![FVS336Gv3](https://github.com/badboycxcc/Netgear-ssl-vpn-20211222/blob/main/FSV336G-0.png)
### sqlmap command  
![](https://github.com/badboycxcc/Netgear-ssl-vpn-20211222/blob/main/FVS336G-1.png)
### SQL Injection Vulnerability : USERDBDomains.Domainname
![](https://github.com/badboycxcc/Netgear-ssl-vpn-20211222/blob/main/FVS336G-2.png)

File Snapshot


 [4.0K]  /data/pocs/42ab8472abef39e91c671a0b31c499a83a6e148c
├── [ 92K]  FSV336G-0.png
├── [442K]  FVS336G-1.png
├── [388K]  FVS336G-2.png
└── [ 528]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!