admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

add Yealink_Device_Management_Platform_SSRF_CVE_2021_27561

Browse Source
This commit is contained in:
gobysec 2021-08-02 20:27:13 +08:00
parent 544904aaf7
commit 5f7195eb14
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Yealink/CVE-2021-27561/README.md Normal file
View File

@ -0,0 +1,10 @@
# Yealink Device Management Platform SSRF (CVE-2021-27561)
Yealink DM (Device Management) platform offers a comprehensive management solution with key features Unified Deployment and Management, Real-Time Monitoring and Alarm, Remote Troubleshooting. By chaining a pre-auth SSRF vulnerability and a command injection vulnerability, it is possible to execute commands as root without authentication against this product, by sending a simple HTTPS request to the remote target.
**FOFA query rule**: [title="dm-v30"](https://fofa.so/result?qbase64=dGl0bGU9ImRtLXYzMCI%3D)
# Demo
![img](Yealink_Device_Management_Platform_SSRF_CVE_2021_27561.gif)

BIN
Yealink/CVE-2021-27561/Yealink_Device_Management_Platform_SSRF_CVE_2021_27561.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB