目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2020-12124 PoC — WAVLINK wavlink 操作系统命令注入漏洞

来源
https://github.com/Scorpion-Security-Labs/CVE-2020-12124
关联漏洞
标题:WAVLINK wavlink 操作系统命令注入漏洞 (CVE-2020-12124)
Description:WAVLINK wavlink是中国睿因科技(WAVLINK)公司的一款路由器。连接两个或多个网络的硬件设备,在网络间起网关的作用。 WAVLINK存在操作系统命令注入漏洞。该漏洞源于外部输入数据构造操作系统可执行命令过程中,网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。以下产品及版本受到影响: WN530H4 M30H4.V5030.190403版本。
Description
An implementation of a proof-of-concept for CVE-2020-12124
介绍
# Research and Author
- David Baker
- Article: [Anatomy of an IoT Exploit, from Hands-On to RCE](https://www.klogixsecurity.com/scorpion-labs-blog/anatomy-of-an-iot-exploit-from-hands-on-to-rce) (External link)

# CVE-2020-12124
An implementation of a proof-of-concept for CVE-2020-12124 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12124)


    The following is an actualization of CVE-2020-12124, a vulnerability which
    exploits a command injection in the Wavlink WN530H4 router in which certain
    parameters are taken from URL parameters in a web request to the
    /cgi-bin/live_api.cgi endpoint and places them on the command-line without
    first verifying that it is safe to do so. Given the large number of
    vulnerabilities reported across this company's entire product line, it is
    likely that this same vulnerability exists for other models of this company's
    routers.

    See the following for more information:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12124
    https://www.klogixsecurity.com/scorpion-labs-blog/anatomy-of-an-iot-exploit-from-hands-on-to-rce

    usage: CVE-2020-12124-PoC.py [-h] [-t TARGET] [-p PORT] [-c COMMAND]
                                 [-i IDENTITY] [-s] [-v] [-a]

    options:
      -h, --help            show this help message and exit
      -t TARGET, --target TARGET
                            target URL or IP address to throw against
      -p PORT, --port PORT  target port to throw against
      -c COMMAND, --command COMMAND
                            command(s) to be run on target (default: 'exit')
      -i IDENTITY, --identity IDENTITY
                            dummy 'identity' GET parameter (no effect on
                            functionality)
      -s, --ssl             throw over SSL (actually not seen in use in this
                            product)
      -v, --verbose         increase output verbosity (currently not implemented)
      -a, --about           display information about this exploit then exit
文件快照

 [4.0K]  /data/pocs/d8c0bc8e781f30e6376461145223b86ee40a41b3
├── [3.5K]  CVE-2020-12124-PoC.py
├── [1.0K]  LICENSE
└── [2.0K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。