Linksys AX3200 V1.1.00 – Command Injection

  • Author: Ahmed Alroky
    Date: 2023-03-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51035/
  • # Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
    # Date: 2022-09-19
    # Exploit Author: Ahmed Alroky
    # Author: Linksys
    # Version: 1.1.00
    # Authentication Required: YES
    # CVE : CVE-2022-38841
    
    # Tested on: Windows
    
    # Proof Of Concept:
    
    1 - Log in to the AX3200 web UI
    2 - Go to the diagnostics page
    3 - Enter "google.com|ls" to perform a traceroute
    4 - You will get the file list; you can also try "example.com|id" to confirm that all commands are executed as the root user
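
The fix for this class of bug, as an added defensive example that is not taken from the advisory or from Linksys firmware: validate the traceroute target as an IP literal or hostname, then pass it to the binary as an argv element with no shell involved. The function names are hypothetical, and the firmware's actual handler is not shown on this page.

```python
import ipaddress
import re
import subprocess

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_target(value):
    """Accept only an IP literal or a hostname made of plain DNS labels."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return all(_LABEL.fullmatch(label) for label in value.rstrip(".").split("."))


def build_traceroute_argv(target):
    """Return an argv list for traceroute; raise ValueError on bad input."""
    if not is_valid_target(target):
        raise ValueError("invalid traceroute target")
    # A label cannot start with "-", so the target cannot be read as an option.
    return ["traceroute", target]


def run_traceroute(target):
    """Run traceroute with no shell, so "|", ";" and "$()" have no meaning."""
    argv = build_traceroute_argv(target)
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=120, check=False)


if __name__ == "__main__":
    # Constructed inputs: the two strings from the advisory plus benign ones.
    for sample in ["google.com", "192.168.1.1", "google.com|ls",
                   "example.com|id", "google.com\n", "-h"]:
        print(repr(sample), "->", is_valid_target(sample))
```

Either control alone narrows the bug; together the validator rejects the input early and the argv call removes the shell that would interpret it.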