CVE-2022-29383 PoC — NETGEAR ProSafe SSL VPN firmware FVS336G SQL注入漏洞

Source

https://github.com/cxaqhq/netgear-to-CVE-2022-29383

Associated Vulnerability

Title:NETGEAR ProSafe SSL VPN firmware FVS336G SQL注入漏洞 (CVE-2022-29383)
Description:NETGEAR FVS336G是美国网件（NETGEAR）公司的一款VPN（虚拟私人网络）防火墙路由器。 NETGEAR ProSafe SSL VPN firmware FVS336Gv2 和FVS336Gv3版本存在安全漏洞，该漏洞源于cgi-bin/platform.cgi中的USERDBDomains.Domainname缺少过滤转义，攻击者利用该漏洞可进行SQL注入攻击。

Readme

# NETGEAR ProSafe  SSL VPN
# CVE-2022-29383
to https://github.com/badboycxcc/Netgear-ssl-vpn-20211222-CVE-2022-29383

SQL injection vulnerability exists in scgi-bin/platform.cgi
Firmware version：
FVS318Gv2 and FVS318N


### FVS318Gv2
![](https://github.com/cxaqhq/netgear/blob/main/FVS318G-0.png)

![](https://github.com/cxaqhq/netgear/blob/main/FVS318G-1.png)

### FVS318N
![](https://github.com/cxaqhq/netgear/blob/main/FVS318N-0.png)

![](https://github.com/cxaqhq/netgear/blob/main/FVS318N-1.png)

File Snapshot


 [4.0K]  /data/pocs/6f8e2a8e6595955e2ede4eb30229e41b89ac3ee0
├── [ 97K]  FVS318G-0.png
├── [433K]  FVS318G-1.png
├── [100K]  FVS318N-0.png
├── [389K]  FVS318N-1.png
└── [ 503]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!