CVE-2022-39986 PoC — RaspAP Command Injection Vulnerability

Source
Associated Vulnerability
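Title: RaspAP Command Injection Vulnerability (CVE-2022-39986)
Description: RaspAP is application software for simple wireless AP setup and management on Debian-based devices. RaspAP versions 2.8.0 through 2.8.7 contain a security vulnerability that stems from a command injection flaw. It allows an attacker to execute arbitrary commands via the cfg_id parameter.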
Description
CVE-2022-39986 PoC
Readme


# CVE-2022-39986 Proof of Concept for RaspAP RCE
![banner](images/banner1.png)

Proof of Concept script for exploiting the RaspAP (CVE-2022-39986) vulnerability. This vulnerability allows an attacker to execute arbitrary commands on a target system through the `ajax/openvpn/del_ovpncfg.php` API endpoint.
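
For defenders, the following added example (not part of this repository or of RaspAP) scans request logs for hits on the endpoint above whose `cfg_id` value falls outside a strict allowlist. The JSON log format, the sample records and the allowlist pattern are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/ajax/openvpn/del_ovpncfg.php"  # endpoint named in the README
PARAM = "cfg_id"                            # parameter named in the CVE description
# Assumption: legitimate ids are short alphanumeric tokens; tune for your deployment.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample: JSON lines from a hypothetical proxy that logs request bodies.
SAMPLE_LOG = """\
{"src": "192.0.2.10", "path": "/ajax/openvpn/del_ovpncfg.php", "body": "cfg_id=client1"}
{"src": "192.0.2.66", "path": "/ajax/openvpn/del_ovpncfg.php", "body": "cfg_id=client1%3B+uname+-a"}
{"src": "192.0.2.67", "path": "/ajax/openvpn/del_ovpncfg.php?cfg_id=a", "body": "cfg_id=x%7Cy"}
{"src": "192.0.2.10", "path": "/index.php", "body": ""}
truncated, non-JSON line
"""

def check_cfg_id(values):
    """Return a reason string if the decoded cfg_id values look unsafe, else None."""
    if len(values) > 1:
        return "duplicate cfg_id"  # same parameter supplied more than once
    if values and not SAFE_ID.fullmatch(values[0]):
        return "cfg_id outside allowlist"
    return None

def scan(log_text):
    """Return [(src, reason, decoded_values)] for suspicious hits on the endpoint."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed log lines instead of aborting the scan
        url = urlsplit(rec.get("path", ""))
        if not url.path.endswith(ENDPOINT):
            continue
        # The page does not say how cfg_id is sent, so check query string and body.
        values = []
        for part in (url.query, rec.get("body", "")):
            values += parse_qs(part, keep_blank_values=True).get(PARAM, [])
        reason = check_cfg_id(values)
        if reason:
            findings.append((rec.get("src"), reason, values))
    return findings

if __name__ == "__main__":
    for src, reason, values in scan(SAMPLE_LOG):
        print(f"{src}: {reason}: {values!r}")
```

Matching on the URL-decoded value matters here: the second sample record carries its metacharacters percent-encoded, so a raw substring search on the log line would miss it.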

## Usage

1. Clone this repository to your local machine:

   ```
   git clone https://github.com/WhiteOwl-Pub/RaspAP-CVE-2022-39986-PoC 
   cd RaspAP-CVE-2022-39986-PoC
   ```
2. Run the exploit script:

   ```
   python3 raspAP-RCE.py [target IP] [target port] [command/"command with flags"]
   ```

Example:

`python3 raspAP-RCE.py 192.168.1.100 8080 "ls -la"`

## Disclaimer

This PoC script is provided for educational and research purposes only. The author and contributors are not responsible for any misuse, damage, or illegal activities caused by the use of this script.

File Snapshot

```
[4.0K] /data/pocs/d3fafa9e0f5553dac6c9245fc9b7028f637cab57
├── [4.0K] images
│   └── [ 50K] banner1.png
├── [1.3K] raspAP-RCE.py
└── [ 879] README.md

1 directory, 3 files
```