Skip to content
Permalink
Branch: master
Find file Copy path
1 contributor

Users who have contributed to this file

18 lines (10 sloc) 858 Bytes

Permission access control

Command injection vulnerability requires authentication,but unfortunately,The usernames that can be logged in are admin and user。 Most people set a password for user admin,but the user 'user' is blank password.

images

images

This vulnerability can be used with vulnerability 1,Implement remote command execution

We found that there are 5,000 such devices on the public network through zoomeye。

I use the ceye platform and the ping command to verify this problem.

images

images

You can’t perform that action at this time.