qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/TOTOLINK-routers-remote-com...

60 lines
2.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "TOTOLINK routers remote command injection vulnerabilities (CVE-2020-25499)",
"Description": "TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.",
"Product": "Totolink-A3002RU",
"Homepage": "https://www.totolink.net",
"DisclosureDate": "2020-12-09",
"Author": "go0p",
"FofaQuery": "(body=\"/boafrm/formLogin\" && body=\"dw(password_warning)\") || app=\"TOTO_LINK-WIRELESS-ROUTER\" || app=\"MikroTik-Router\"",
"GobyQuery": "",
"Level": "3",
"Impact": "",
"Recommendation": "Users can refer to the security bulletins provided by the following vendors to obtain patch information: https://www.totolink.net/home/index/newsss/id/",
"Translation": {
"CN": {
"Description": "Totolink TOTOLINK A3002RU是中国台湾吉翁电子Totolink公司的一款无线路由器产品。 TOTOLINK A3002RU-V2.0.0 B20190814.1034 存在命令注入漏洞该漏洞允许通过身份验证的远程用户修改系统的“运行命令”。攻击者可利用该漏洞可以使用此功能在路由器上执行任意OS命令。",
"Impact": "Impact",
"Name": "Totolink TOTOLINK A3002RU命令注入漏洞CNVD-2020-70958",
"Product": "Totolink TOTOLINK A3002RU",
"Recommendation": "厂商已发布了漏洞修复程序,请及时关注更新: https://www.totolink.net/home/index/newsss/id/196.html"
}
},
"References": null,
"RealReferences": [
"https://github.com/kdoos/Vulnerabilities/blob/main/RCE_TOTOLINK-A3002RU-V2",
"https://www.totolink.net/home/index/newsss/id/196.html",
"https://nvd.nist.gov/vuln/detail/CVE-2020-25499",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25499"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "/bin/busybox ifconfig"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": null,
"CVEIDs": [
"CVE-2020-25499"
],
"CVSSScore": "8.8",
"CNVDIDs": [
"CNVD-2020-70958"
],
"CNNVDIDs": null,
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"Disable": false
}
Reference in New Issue View Git Blame Copy Permalink