CVE-2018-19987 PoC — 多款D-Link产品操作系统命令注入漏洞

Source

https://github.com/nahueldsanchez/blogpost_cve-2018-19987-analysis

Associated Vulnerability

Title:多款D-Link产品操作系统命令注入漏洞 (CVE-2018-19987)
Description:D-Link DIR-822等都是中国台湾友讯（D-Link）公司的一款无线路由器。多款D-Link产品中的/HNAP1/SetAccessPointMode存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。以下产品及版本受到影响：D-Link DIR-822 Rev.B 202KRb06版本；DIR-822 Rev.C 3.10B06版本；DIR-860L Rev.B 2.03.B03版

Description

This repo has a blog post about my analysis for CVE-2018-19987 an authenticated OS command injection affecting multiple D-Link routers

File Snapshot


 [4.0K]  /data/pocs/86198fd8cdcd1e55f7749f8e8860b085d995ff42
├── [1.0K]  LICENSE
└── [ 15K]  Readme.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!