CVE-2019-3929 PoC — 多款路由器命令操作系统命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-3929.yaml

Associated Vulnerability

Title:多款路由器命令操作系统命令注入漏洞 (CVE-2019-3929)
Description:多款路由器中存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。以下产品及版本受到影响：使用1.6.0.2版本固件的Crestron AM-100；使用2.7.0.1版本固件的Crestron AM-101；使用2.3.0.10版本固件的Barco wePresent WiPG-1000P；使用2.4.1.19之前版本固件的Barco wePresent WiPG-1600W；使用2.0.3.4版本固件的Extr

Description

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

File Snapshot


 id: CVE-2019-3929

info:
  name: Barco/AWIND OEM Presentation Platform - Remote Command Injection
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!