CVE-2021-43469 PoC — VENGA 路由器命令注入漏洞

Source

https://github.com/badboycxcc/CVE-2021-43469

Associated Vulnerability

Title:VENGA 路由器命令注入漏洞 (CVE-2021-43469)
Description:VENGA 路由器是一款路由器。 VENGA 路由器存在命令注入漏洞，该漏洞源于VINGA WR-N300U 77.102.1.4853受到了goahead组件中命令执行漏洞的影响。

Description

CVE-2021-43469

Readme

# CVE-2021-43469
![image](https://user-images.githubusercontent.com/72059221/144845110-cc77bcfb-d503-4b36-8be5-d428a5ce004e.png)


### Exploit Title: VINGA router has weak passwords and background command execution vulnerabilities.
### product: VINGA WR-N300U 
### webserver: goahead
### Author: CXAQHQ
### TIME: 2021-11-01

### Command execution vulnerabilities exist on the Ping and traceroute interfaces after login.
### Run the IP addr command
![avatar](post.jpg)
![avatar](222.png)


### IDA looks at the vulnerability code
![avatar](333.png)

File Snapshot


 [4.0K]  /data/pocs/d5ce4dc0fb8e6c370cfecc09d0efd67cd99e5974
├── [ 43K]  222.png
├── [ 34K]  333.png
├── [1.9M]  post.jpg
└── [ 548]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-43469 PoC — VENGA 路由器 命令注入漏洞