admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

add TOTOLINK routers remote command injection vulnerabilities (CVE-2020-25499)

Browse Source
This commit is contained in:
gaopeng2 2021-08-06 18:06:04 +08:00
parent 9cd64325f9
commit 3236d7ab1f
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
TotoLink/CVE-2020-25499/README.md Normal file
View File

@ -0,0 +1,9 @@
# TOTOLINK routers remote command injection vulnerabilities (CVE-2020-25499)
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
**FOFA query rule**: [(body="/boafrm/formLogin" && body="dw(password_warning)")](https://fofa.so/result?qbase64=KGJvZHk9Ii9ib2Fmcm0vZm9ybUxvZ2luIiAmJiBib2R5PSJkdyhwYXNzd29yZF93YXJuaW5nKSIp)
# Demo
![](TOTOLINK_routers_remote_command_injection_vulnerabilities.gif)

BIN
TotoLink/CVE-2020-25499/TOTOLINK_routers_remote_command_injection_vulnerabilities.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.9 MiB