Related vulnerability
Title:
TP-Link wireless router command injection vulnerability
(CVE-2023-33538)
Description: The TP-LINK TL-WR940N is a wireless router made by the Chinese vendor TP-LINK. TP-Link wireless routers contain a security vulnerability: a command injection flaw reachable through the /userRpm/WlanNetworkRpm component. Affected products and versions: TP-Link TL-WR940N V2 and V4, TL-WR841N V8 and V10, and TL-WR740N V1 and V2.
Description
CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework
Introduction
# CVE-2023-33538 – TP-Link TL-WR940N/841N Command Injection (Metasploit module)
This Metasploit **auxiliary module** targets an authenticated **command injection vulnerability** in TP-Link TL-WR940N V2/V4 and TL-WR841N V8/V10 routers.
The flaw is in the `ssid1` parameter handled by `WlanNetworkRpm.htm`: its value is not sanitised before reaching a shell, so an authenticated user can inject arbitrary shell commands.
When the injection succeeds, the device executes the attacker's commands.
More information about the CVE:
https://nvd.nist.gov/vuln/detail/CVE-2023-33538
---
## How to run this module?
1. Copy the `.rb` file into your Metasploit modules folder, for example:
```bash
cp tplink_ssid1_rce.rb /usr/share/metasploit-framework/modules/auxiliary/admin/http/
```
2. Start Metasploit console:
```bash
msfconsole
```
3. Search and use the module:
```bash
search tplink
use auxiliary/admin/http/tplink_ssid1_rce
```
4. Set required options:
```
set RHOSTS 192.168.0.1
set RPORT 80
set AUTHCOOKIE Basic%20YWRtaW46YWRtaW4%3D
set SESSIONPATH /ABCD1234/
set CMD reboot
run
```
> The module **does not** perform authentication. You must manually extract the `Authorization` cookie and session prefix from a successful login to the router's web interface.
---
## References
- https://nvd.nist.gov/vuln/detail/CVE-2023-33538
- https://web.archive.org/web/20230609111043/https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md
---
## Disclaimer
This module is intended **for educational purposes only**.
**Do not use this code against devices or infrastructure you do not own or have explicit permission to test.**
---
## Issues
If you find bugs, or have ideas for improvements – feel free to open an issue or leave a comment.
File snapshot
[4.0K] /data/pocs/f8d2b4aefeab2339a7d559e4dfb7ddeed5d4e227
├── [1.7K] README.md
└── [2.9K] tplink_ssid1_rce.rb
0 directories, 2 files
Notes
1. Access the original source first where possible.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.