Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-25084 PoC — TOTOLINK T6 操作系统命令注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/TOTOLink%20%E5%A4%9A%E4%B8%AA%E8%AE%BE%E5%A4%87%20download.cgi%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-25084.md
Associated Vulnerability
Title:TOTOLINK T6 操作系统命令注入漏洞 (CVE-2022-25084)
Description:TOTOLINK T6是中国吉翁电子(TOTOLINK)公司的一款无线双频路由器。 TOTOLINK T6 存在操作系统命令注入漏洞,该漏洞源于TOTOLink T6 V5.9c.4085_B20190428 被发现在“Main”函数中包含命令注入漏洞。 此漏洞允许攻击者通过 QUERY_STRING 参数执行任意命令。
File Snapshot

 # TOTOLink 多个设备 download.cgi 远程命令执行漏洞 CVE-2022-25084

## 漏洞描述

TOTOLink 多个设备 download.cgi文件存在远程命令执行漏

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.