
0x01 Vulnerability description

An issue was discovered on WAVLINK AERIAL X 1200M devices: a crafted POST request sent to adm.cgi results in execution of the supplied command if there is an active session at the same time.

0x02 Affected version

WAVLINK AERIAL X 1200M

0x03 Vulnerability

In adm.cgi, the data received in the POST request is concatenated directly into the argument of the system function and executed.

[Images: image-20220520115840075, image-20220520115621788]
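
The pattern described above, next to a hardened form, as an added example that is not taken from the WAVLINK firmware or from the original report. The handler, its `host` value, the `ping` command and the `/bin/ping` path are hypothetical, and the sample input is constructed.

```c
/* Added illustration, NOT code from the WAVLINK firmware: the handler,
 * its "host" value and the ping command are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: the POST value is spliced into the command line
 * that system() would hand to /bin/sh, metacharacters included. */
int build_cmd_vulnerable(char *out, size_t n, const char *host)
{
    return snprintf(out, n, "ping -c 1 %s", host);
}

/* Allowlist: 1..253 chars from [A-Za-z0-9.:-], no leading '-' so the
 * value can never be read as an option. */
int is_safe_host(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 253 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr(".:-", s[i]))
            return 0;
    return 1;
}

/* Hardened pattern: validate, then exec an argv array so no shell ever
 * parses the value. Returns -1 on rejection or fork/wait failure. */
int run_ping_hardened(const char *host)
{
    if (!is_safe_host(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execv("/bin/ping", argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { return run_ping_hardened("127.0.0.1; echo INJECTED") == -1 ? 0 : 1; }
```

In the hardened form a value containing shell metacharacters is rejected before any process is created, and a value that passes is delivered to the program as a single argument.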

0x04 PoC verification

[Image: image-20220520145232190]

0x05 Acknowledgement

PeiWen.Huang

Yuyu.Cao

Shengjie.Xu