CVE-2022-25060 PoC — Tp-link TL-WR840N 操作系统命令注入漏洞

Source

https://github.com/exploitwritter/CVE-2022-25060

Associated Vulnerability

Title:Tp-link TL-WR840N 操作系统命令注入漏洞 (CVE-2022-25060)
Description:TP-LINK TL-WR840N是中国普联（TP-LINK）公司的一款无线路由器。 TP-LINK TL-WR840N(ES) V6.20 180709版本存在操作系统命令注入漏洞，该漏洞源于组件oal_startPing缺少对于命令参数的过滤和转义。

Description

This script exploits a remote command execution vulnerability under the oal_startPing component in the TPLink WR840N router.

Readme

# CVE-2022-25060
This script exploits a remote command execution vulnerability under the oal_startPing component in the TPLink WR840N router.

File Snapshot


 [4.0K]  /data/pocs/54f1a8a18d860f1ff38b596488119d37abd14e9b
├── [3.2K]  CVE-2022-25060.py
├── [ 142]  README.md
└── [1.5K]  reverse_shell_mipsle.c

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!