Create CVE-2018-6530 #5545
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
@gy741 is it possible to share some set-up instructions to build a vulnerable environment?
Hello, @DhiyaneshGeek Because this vulnerability occurs in embedded systems, you must use an emulator such as the qemu emulator. Ref: #5976 However, the setting method is different for each firmware. I'll try the analysis.
Hello, @DhiyaneshGeek @princechaddha I succeeded in constructing the environment. But there is one problem with detecting the problem. I ordered it to run telnetd and checked the connection through nmap and telnet connect. Is there any idea for how to detect telnet?

NMAP command before template execution:
Template Execution Log:
NMAP command after template execution:
I think wget works, but I currently have no external internet connection available using the emulator environment. :)
Template / PR Information
Hello,
Added CVE-2018-6530
Template Validation
I've validated this template locally?