Sapido Multiple Routers Remote Command Execution Vulnerability
Vulnerability Description
Multiple Sapido routers allow unauthenticated access, so any visitor can execute commands with root privileges.
Vulnerability Impact
BR270n-v2.1.03
BRC76n-v2.1.03
GR297-v2.1.3
RB1732-v2.0.43
Network surveying and mapping
Vulnerability Reproduction
The firmware contains an ASP file, syscmd.asp, that provides command execution.
Visit target:
https://xxx.xxx.xxx.xxx/syscmd.asp
https://xxx.xxx.xxx.xxx/syscmd.htm
Entering a command on this page executes it.
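Requests to these two pages can be flagged in web or proxy logs. The following detection sketch is an added example, not part of the original post: it assumes combined-format access logs from a proxy or sensor in front of the device, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The two page paths named in this write-up, compared after normalization.
SYSCMD_PATHS = {"/syscmd.asp", "/syscmd.htm"}

# Combined log format: src - user [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def find_syscmd_hits(lines):
    """Return {src: {"count", "methods", "served"}} for syscmd page requests."""
    hits = defaultdict(lambda: {"count": 0, "methods": set(), "served": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) not in SYSCMD_PATHS:
            continue
        entry = hits[m["src"]]
        entry["count"] += 1
        entry["methods"].add(m["method"])
        # A 2xx status means the device returned the page instead of refusing it.
        if m["status"].startswith("2"):
            entry["served"] = True
    return dict(hits)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /syscmd.asp HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /syscmd.asp HTTP/1.1" 200 640 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /%73yscmd.HTM?x=1 HTTP/1.1" 401 0 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /index.asp HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for src, info in sorted(find_syscmd_hits(SAMPLE_LOG).items()):
        print(src, info["count"], sorted(info["methods"]), "served" if info["served"] else "refused")
```

A source marked "served" received the page with a success status, which indicates the device answered without requiring authorization.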
This post is licensed under CC BY 4.0 by the author.