[webapps] Linksys AX3200 V1.1.00 - Command Injection

source link: https://www.exploit-db.com/exploits/51035

EDB-ID: 51035
Platform: Hardware
Date: 2023-03-22

# Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
# Date: 2022-09-19
# Exploit Author: Ahmed Alroky
# Author: Linksys
# Version: 1.1.00
# Authentication Required: YES
# CVE : CVE-2022-38841

# Tested on: Windows

# Proof Of Concept:

1 - Log in to the AX3200 web UI.
2 - Go to the diagnostics page.
3 - Enter "google.com|ls" as the target to perform a traceroute.
4 - You will get the file list. You can also try "example.com|id" to confirm that all commands are executed as the root user.
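
A hardened form of a traceroute diagnostics handler, as an added example that is not code from the original advisory or from the Linksys firmware. The function names are hypothetical, and it assumes a POSIX system with a `traceroute` binary on PATH. It allowlists the target as a hostname or IPv4 literal and starts the tool with an argv array instead of a shell, so the inputs from steps 3 and 4 are rejected before any process is created.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static int is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Allowlist: labels of 1..63 letters/digits/hyphens, no edge hyphen, total 1..253. */
int is_valid_target(const char *s)
{
    size_t len, i, label = 0;
    if (s == NULL || (len = strlen(s)) == 0 || len > 253) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0; /* empty label or trailing '-' */
            label = 0;
        } else if (is_ldh(c)) {
            if (c == '-' && label == 0) return 0; /* leading '-' could be read as an option */
            if (++label > 63) return 0;
        } else {
            return 0; /* '|', ';', '&', '$', spaces and everything else */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Returns traceroute's exit status, or -1 if the target is rejected or the child fails. */
int run_traceroute(const char *target)
{
    int status;
    pid_t pid;
    if (!is_valid_target(target) || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        /* argv array, no shell: the target is one argument and is never parsed */
        char *const argv[] = { "traceroute", (char *)target, NULL };
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    return (argc == 2 && run_traceroute(argv[1]) == 0) ? 0 : 1;
}
```

The validation and the shell-free exec are independent layers: either one alone stops the `|` input, and keeping both means a later change to the allowlist does not reopen the injection.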
            
