mirror of https://github.com/qwqdanchun/Goby.git
149 lines
5.7 KiB
JSON
149 lines
5.7 KiB
JSON
|
{
|
|||
|
"Name": "LINKSYS TomatoUSB shell.cgi RCE",
|
|||
|
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tomato USB is an alternative Linux-based firmware for powering Broadcom-based ethernet routers. It is a modification of the famous Tomato firmware, with additional built-in support for USB port, wireless-N mode support, support for several newer router models, and various enhancements.<br></span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Login the LINKSYS TomatoUSB router</span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">by defacult username and password(admin:admin)</span></p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span><br></p>",
|
|||
|
"Product": "LINKSYS TomatoUSB",
|
|||
|
"Homepage": "http://tomatousb.org/",
|
|||
|
"DisclosureDate": "2022-03-25",
|
|||
|
"Author": "atdpa4sw0rd@gmail.com",
|
|||
|
"FofaQuery": "banner=\"TomatoUSB\" || header=\"TomatoUSB\"",
|
|||
|
"GobyQuery": "banner=\"TomatoUSB\" || header=\"TomatoUSB\"",
|
|||
|
"Level": "2",
|
|||
|
"Impact": "<p>Login the LINKSYS TomatoUSB router</p><p>by defacult username and password(admin:admin)</p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span></p>",
|
|||
|
"Recommendation": "<p>1. Change the administrator password in a timely manner</p><p>2. Prohibit the public network from accessing the device</p><p>3. Update the latest system in time</p>",
|
|||
|
"References": [
|
|||
|
"https://fofa.so/"
|
|||
|
],
|
|||
|
"Is0day": false,
|
|||
|
"HasExp": true,
|
|||
|
"ExpParams": [
|
|||
|
{
|
|||
|
"name": "cmd",
|
|||
|
"type": "input",
|
|||
|
"value": "cat /etc/passwd",
|
|||
|
"show": ""
|
|||
|
}
|
|||
|
],
|
|||
|
"ExpTips": {
|
|||
|
"Type": "",
|
|||
|
"Content": ""
|
|||
|
},
|
|||
|
"ScanSteps": [
|
|||
|
"AND",
|
|||
|
{
|
|||
|
"Request": {
|
|||
|
"method": "GET",
|
|||
|
"uri": "/test.php",
|
|||
|
"follow_redirect": true,
|
|||
|
"header": {},
|
|||
|
"data_type": "text",
|
|||
|
"data": ""
|
|||
|
},
|
|||
|
"ResponseTest": {
|
|||
|
"type": "group",
|
|||
|
"operation": "AND",
|
|||
|
"checks": [
|
|||
|
{
|
|||
|
"type": "item",
|
|||
|
"variable": "$code",
|
|||
|
"operation": "==",
|
|||
|
"value": "200",
|
|||
|
"bz": ""
|
|||
|
},
|
|||
|
{
|
|||
|
"type": "item",
|
|||
|
"variable": "$body",
|
|||
|
"operation": "contains",
|
|||
|
"value": "test",
|
|||
|
"bz": ""
|
|||
|
}
|
|||
|
]
|
|||
|
},
|
|||
|
"SetVariable": []
|
|||
|
}
|
|||
|
],
|
|||
|
"ExploitSteps": [
|
|||
|
"AND",
|
|||
|
{
|
|||
|
"Request": {
|
|||
|
"method": "GET",
|
|||
|
"uri": "/test.php",
|
|||
|
"follow_redirect": true,
|
|||
|
"header": {},
|
|||
|
"data_type": "text",
|
|||
|
"data": ""
|
|||
|
},
|
|||
|
"ResponseTest": {
|
|||
|
"type": "group",
|
|||
|
"operation": "AND",
|
|||
|
"checks": [
|
|||
|
{
|
|||
|
"type": "item",
|
|||
|
"variable": "$code",
|
|||
|
"operation": "==",
|
|||
|
"value": "200",
|
|||
|
"bz": ""
|
|||
|
},
|
|||
|
{
|
|||
|
"type": "item",
|
|||
|
"variable": "$body",
|
|||
|
"operation": "contains",
|
|||
|
"value": "test",
|
|||
|
"bz": ""
|
|||
|
}
|
|||
|
]
|
|||
|
},
|
|||
|
"SetVariable": []
|
|||
|
}
|
|||
|
],
|
|||
|
"Tags": [
|
|||
|
"rce"
|
|||
|
],
|
|||
|
"VulType": [
|
|||
|
"rce"
|
|||
|
],
|
|||
|
"CVEIDs": [
|
|||
|
""
|
|||
|
],
|
|||
|
"CNNVD": [
|
|||
|
""
|
|||
|
],
|
|||
|
"CNVD": [
|
|||
|
""
|
|||
|
],
|
|||
|
"CVSSScore": "9.8",
|
|||
|
"Translation": {
|
|||
|
"CN": {
|
|||
|
"Name": "LINKSYS TomatoUSB 路由器后台命令执行",
|
|||
|
"Product": "LINKSYS TomatoUSB",
|
|||
|
"Description": "<p>Tomato USB是一种基于linux的替代固件,用于为基于broadcom的以太网路由器供电。它是著名的Tomato固件的一个修改,具有额外的内置支持USB端口,无线n模式支持,支持几种较新的路由器型号,以及各种增强功能。<br></p><p>LINKSYS TomatoUSB路由器登陆后,默认账号(admin:admin),执行命令<br></p>",
|
|||
|
"Recommendation": "<p>1、及时修改管理员密码</p><p>2、禁止公网访问设备</p><p>3、及时升级最新系统</p>",
|
|||
|
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\"><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">可以通过默认口令登录设备</span></span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\"><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">执行命令,反弹shell等危险操作</span><br></span></p>",
|
|||
|
"VulType": [
|
|||
|
"命令执⾏"
|
|||
|
],
|
|||
|
"Tags": [
|
|||
|
"命令执⾏"
|
|||
|
]
|
|||
|
},
|
|||
|
"EN": {
|
|||
|
"Name": "LINKSYS TomatoUSB shell.cgi RCE",
|
|||
|
"Product": "LINKSYS TomatoUSB",
|
|||
|
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tomato USB is an alternative Linux-based firmware for powering Broadcom-based ethernet routers. It is a modification of the famous Tomato firmware, with additional built-in support for USB port, wireless-N mode support, support for several newer router models, and various enhancements.<br></span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Login the LINKSYS TomatoUSB router</span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">by defacult username and password(admin:admin)</span></p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span><br></p>",
|
|||
|
"Recommendation": "<p>1. Change the administrator password in a timely manner</p><p>2. Prohibit the public network from accessing the device</p><p>3. Update the latest system in time</p>",
|
|||
|
"Impact": "<p>Login the LINKSYS TomatoUSB router</p><p>by defacult username and password(admin:admin)</p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span></p>",
|
|||
|
"VulType": [
|
|||
|
"rce"
|
|||
|
],
|
|||
|
"Tags": [
|
|||
|
"rce"
|
|||
|
]
|
|||
|
}
|
|||
|
},
|
|||
|
"AttackSurfaces": {
|
|||
|
"Application": null,
|
|||
|
"Support": null,
|
|||
|
"Service": null,
|
|||
|
"System": null,
|
|||
|
"Hardware": null
|
|||
|
}
|
|||
|
}
|