CVE-2020-17456 PoC — Seowon Intech SLC-130和SLR-120S 代码注入漏洞

Source

https://github.com/Al1ex/CVE-2020-17456

Associated Vulnerability

Title:Seowon Intech SLC-130和SLR-120S 代码注入漏洞 (CVE-2020-17456)
Description:Seowon Intech SLC-130和SLR-120S中存在安全漏洞。攻击者可通过向system_log.cgi页面发送‘ipAddr’参数利用该漏洞执行代码。

Description

CVE-2020-17456 & Seowon SLC 130 Router RCE

Readme

## Description

On August 21, 2020, seown SLC 130 router was exposed to have an authentication rce vulnerability. The vulnerability number is cve-2020-17456. The vulnerability is due to the ping command injection in the router's Web service diagnosis function. Combined with several groups of hard coded credentials, unauthorized attackers can bypass authentication and execute arbitrary commands on the target device with root privileges. 


## How to use
```
python CVE-2020-17456.py http://192.168.1.1 id
```
eg:

![command](image/rce.jpeg)

## Other

If you want read full post about SLC-130 And SLR-120S Routers Exploit please visit the page below : 

https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/

File Snapshot


 [4.0K]  /data/pocs/d4bb6d8b2e3d4ac9a0f1e2527641e335412bff97
├── [1.3K]  CVE-2020-17456.py
├── [4.0K]  image
│   └── [ 14K]  rce.jpeg
└── [ 743]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!