{ "Name": "Multiple models routers Background RCE CVE-2018-16752 ", "Description": "Many routers such as JCG, LINKNET and VINGA execute commands in the background. Hackers can execute arbitrary commands on the server and write into the backdoor, thus invading the server and gaining the administrator's authority of the server, which is very harmful.", "Product": "LINK-NET-LW-N605R", "Homepage": "https://www.linkedin.com/in/nassim-asrir-b73a57122", "DisclosureDate": "2021-06-02", "Author": "atdpa4sw0rd@gmail.com", "GobyQuery": "(banner=\"/home.asp\" || body=\"MouseOverOut('wizardOn','wizardOff');\")", "Level": "3", "Impact": "

Under certain circumstances (with login authorization), an attacker can execute certain commands on the server (some commands do not exist) and write into the backdoor, thereby invading the server and obtaining the server's administrator authority, which is very harmful.

", "Recommandation": "

1. Strictly filter the data entered by the user, filter sensitive characters, and prohibit the execution of system commands.

2. Update to the latest version. Website: http://linknet-usa.com/main/product_info.php?products_id=35&language=es

", "References": [ "http://www.cnvd.org.cn/flaw/show/CNVD-2018-18480" ], "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "cat /etc/passwd" } ], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": null, "Tags": [ "RCE" ], "CVEIDs": null, "CVSSScore": "0.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }