REMOTE CODE EXECUTION found in "OPTILINK OP-XT71000N".# CVE-2020-23583
**OPTILINK E-PON "MODEL NO: OP-XT71000N" with "HARDWARE VERSION: V2.2"; & "FIRMWARE VERSION: OP_V3.3.1-191028"**
REMOTE CODE EXECUTION found in "OPTILINK OP-XT71000N". The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.
**TARGET**
/diag_ping_admin.asp
**Attack Vector**
pass arbitrary commands with IP-ADDRESS using " | " to execute commands.
**REGARDS**
Huzaifa Hussain
https://twitter.com/disguised_noob
https://www.linkedin.com/in/huzaifa-hussain-046791179
[4.0K] /data/pocs/5bff2bd0f0697e723e7f183b12ddc09dedd1c666
└── [ 660] README.md
0 directories, 1 file