CVE-2023-20073 PoC — Cisco Small Business RV340 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-20073.yaml

Associated Vulnerability

Title:Cisco Small Business RV340 代码问题漏洞 (CVE-2023-20073)
Description:Cisco Small Business RV340是美国思科（Cisco）公司的一个路由器。连接两个或多个网络的硬件设备，在网络间起网关的作用。 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers存在安全漏洞，该漏洞源于文件上传上下文中的授权执行机制不足，攻击者利用该漏洞可以将任意文件上传到受影响的设备。

Description

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

File Snapshot


 id: CVE-2023-20073

info:
  name: Cisco VPN Routers - Unauthenticated Arbitrary File Upload
  author

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!