Add Ricon Industrial Cellular Router apply.cgi RCE

xiaoheihei1107 2021-08-09 14:07:38 +08:00 committed by GitHub
parent 552cbe5042
commit fbbf46dfed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,10 @@
# Ricon Industrial Cellular Router apply.cgi RCE
The router suffers from an authenticated OS command injection vulnerability, This can be exploited to inject and execute arbitrary shell commands as the admin user via the ping_server_ip POST parameter. Also vulnerable to Heartbleed.
FOFA **query rule**: [body="Industrial Cellular" && server="WEB-ROUTER"](https://fofa.so/result?qbase64=Ym9keT0iSW5kdXN0cmlhbCBDZWxsdWxhciIgJiYgc2VydmVyPSJXRUItUk9VVEVSIg%3D%3D)
# Demo
![](Ricon_Industrial_Cellular_Router_apply_cgi_RCE.gif)
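
Review bot: The description line under the title names the ping_server_ip POST parameter and says the injection is authenticated, but it gives no affected model or firmware version, no vendor advisory or CVE reference, and no fix or mitigation, so a reader cannot tell whether a given device is exposed or what to do about it; please add those, or state explicitly that they are unknown. The closing sentence "Also vulnerable to Heartbleed." is a separate claim with no reference and would read better as its own line with a source. Minor points: "vulnerability, This" is a comma splice, and the Demo image has empty alt text, so the entry conveys nothing when the GIF fails to load.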