Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-29379 PoC — D-Link DIR-802 操作系统命令注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/D-Link%20DIR-802%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2021-29379.md
Associated Vulnerability
Title:D-Link DIR-802 操作系统命令注入漏洞 (CVE-2021-29379)
Description:D-Link DIR-802是中国台湾友讯(D-Link)公司的一个无线路由器。 D-Link DIR-802 A1 1.00b05 存在操作系统命令注入漏洞,该漏洞源于系统默认情况下在1900端口开启了通用即插即用功能。攻击者可利用该漏洞通过向SSDP M-SEARCH discover报文的ST (Search Target)字段中注入有效载荷来执行命令注入。
File Snapshot

 # D-Link DIR-802 命令注入漏洞 CVE-2021-29379

## 漏洞描述

DIR-802中存在一个命令注入漏洞,攻击者可以通过精心制作的M-SEARCH数据包向UPnP注入任意

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.