CVE-2020-8958 PoC — Guangzhou 1GE ONU V2801RW和V2804RGW 安全漏洞

Source

https://github.com/Asjidkalam/CVE-2020-8958

Associated Vulnerability

Title:Guangzhou 1GE ONU V2801RW和V2804RGW 安全漏洞 (CVE-2020-8958)
Description:Guangzhou V-Solution Telecommunication Technology Guangzhou 1GE ONU是中国广州维讯通信科技有限公司（Guangzhou V-Solution Telecommunication Technology）公司的一款路由器。 Guangzhou 1GE ONU V2801RW 1.9.1-181203版本至2.9.0-181024版本和V2804RGW 1.9.1-181203版本至2.9.0-181024版本中的boaform/admin/fo

Description

CVE-2020-8958: Authenticated RCE exploit for NetLink HG323

Readme

# CVE-2020-8958
**CVE-2020-8958**: Authenticated Remote Code Execution Exploit for NetLink Routers using `boa` server.
<br><br>
<b>CVSS Score:</b> 7.2
<br>
<b>Vulnerability Type(s):</b> OS Command Injection
<br>
<b>Authentication:</b> Required
<br>
<b>Affected Model(s):</b> HG323
<br>

# Description
The `/boaform/admin/formPing` resource in Netlink routers allows remote attackers to perform `OS Command Injection` via the `target_addr` parameter.

# Usage
```bash
    usage: CVE-2020-8958.py [-h] -i URL [-u [USER]] [-p [PASS]]

    CVE-2020-8958: Authenticated remote code execution exploit

    optional arguments:
    -h, --help            show this help message and exit
    -i URL, --Url URL     Target IP of router
    -u [USER], --User [USER]
                            Username
    -p [PASS], --Pass [PASS]
                            Password
```

File Snapshot


 [4.0K]  /data/pocs/5b7f299b6e43d3f66331b96e9020e36c55fa03ad
├── [3.3K]  CVE-2020-8958.py
└── [ 860]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!