CVE-2023-33781 PoC — D-Link DIR-842 安全漏洞

Source

https://github.com/s0tr/CVE-2023-33781

Associated Vulnerability

Title:D-Link DIR-842 安全漏洞 (CVE-2023-33781)
Description:D-Link DIR-842是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-842V2 1.0.3版本存在安全漏洞，该漏洞源于存在命令执行漏洞。

Readme

# CVE-2023-33781

## Description
D-Link DIR-842V2 v1.0.3 was discovered to allow a user to run an arbitrary binary when connecting to telnet. This vulnerability can be triggered using backup/restore functionality.

## Proof of concept
![Proof Of Concept](./images/execute_exploit.png)

## Timeline
* Dec 09, 2022 - Contact vendor
* Dec 09, 2022 - Received response from vendor
* Dec 10, 2022 - Sent vulnerability report to vendor
* Feb 09, 2023 - Requested a status update from vendor
* Mar 29, 2023 - Requested a status update from vendor
* Mar 29, 2023 - Received a status update
* Mar 31, 2023 - Received a potentially fixed firmware from vendor
* Apr 03, 2023 - Reported to vendor that the new firmware fixes the vulnerability
* Apr 06, 2023 - Received response from vendor
* May 25, 2023 - Assigned CVE
* Jun 03, 2023 - Published exploit

File Snapshot


 [4.0K]  /data/pocs/b7bbf66c04bbc7fe1db08ba85816d773a5f2c041
├── [9.5K]  exploit.py
├── [4.0K]  images
│   └── [125K]  execute_exploit.png
└── [ 842]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!