CVE-2020-27368 PoC — TotoLink A702r Access Control Error Vulnerability

Source
Associated Vulnerability
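Title: TotoLink A702r Access Control Error Vulnerability (CVE-2020-27368)
Description: TotoLink A702r is a router made by the Chinese company Zioncom Electronics (TotoLink). TotoLink A702r V1.0.0-B20161227.1023 has an access control error vulnerability that allows an attacker to access the icons directory via a GET parameter.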
Description
TOTOLINK-A702R-V1.0.0-B20161227.1023 Directory Indexing Vulnerability
Readme
# CVE-2020-27368
TOTOLINK-A702R-V1.0.0-B20161227.1023 Directory Indexing Vulnerability
## Description
Directory Indexing in the Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /icons/ directories via a GET parameter.
## Additional Information
Remediation: disable directory listing on the web server.
## VulnerabilityType
Directory Indexing
## Vendor of Product
TOTOLINK
## Affected Product Code Base
TOTOLINK-A702R-V1.0.0-B20161227.1023 - Model No. A702R (Firmware V1.0.0)
## Affected Component
Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023.
## Attack Type
Local
## Impact Information Disclosure
true
## Discoverer
Jiraput Thamsongkrah
## Proof of Concept
![Alt text](https://github.com/swzhouu/CVE-2020-27368/blob/main/TOTOLINK-A702R-V1.0.0-B20161227.1023%20Directory%20Indexing%20Vulnerability.png)
File Snapshot

[4.0K] /data/pocs/72940ce87eb6bb0cb0a9892b6605826b93e09432
├── [ 848] README.md
└── [ 32K] TOTOLINK-A702R-V1.0.0-B20161227.1023 Directory Indexing Vulnerability.png

0 directories, 2 files