cve/CVE-2017-17867.md at 32646c20e71810932fbd5e08aba28eaca6211a4d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-14 20:08:44 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.

POC

Reference

https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html
https://www.exploit-db.com/exploits/43428/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/lnick2023/nicenice
https://github.com/nnsee/inteno-exploits
https://github.com/qazbnm456/awesome-cve-poc
https://github.com/xbl3/awesome-cve-poc_qazbnm456

1.1 KiB Raw Blame History

CVE-2017-17867

Description

POC

Reference

Github

1.1 KiB

Raw Blame History