CVE-2020-29669 PoC — Macally WIFISD2-2A82 Media and Travel Router 授权问题漏洞

Source

https://github.com/code-byter/CVE-2020-29669

Associated Vulnerability

Title:Macally WIFISD2-2A82 Media and Travel Router 授权问题漏洞 (CVE-2020-29669)
Description:Macally WIFISD2-2A82 Media and Travel Router是美国Macally公司的一款便捷式多功能路由器。 Macally WIFISD2-2A82 Media and Travel Router 2.000.010 存在授权问题漏洞，该漏洞源于访客用户可以重置自己的密码。这个过程有一个漏洞，可以用来接管管理员帐户并导致shell访问。由于管理用户可能会读取/etc/shadow文件。

Description

Macally WIFISD2

File Snapshot


 [4.0K]  /data/pocs/ddc15d776a5f7fd25f6f9769cd518ad3e5b679d5
├── [4.0K]  images
│   ├── [9.7K]  base.png
│   ├── [ 62K]  burp_1.png
│   ├── [ 57K]  burp_2.png
│   ├── [ 95K]  dashboard.png
│   ├── [ 44K]  etc_password.png
│   ├── [ 93K]  exploit.png
│   ├── [ 51K]  password_changed.png
│   ├── [ 44K]  password_change.png
│   ├── [410K]  router.jpg
│   ├── [ 17K]  telnet_login.png
│   └── [ 30K]  web_login.png
├── [6.0K]  macally_exploit.py
├── [2.5K]  README.rst
└── [1.0M]  writeup.pdf

1 directory, 14 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!