@CLan-nad
Created October 16, 2024 17:14

[CVE-ID]
CVE-2024-48659
[PRODUCT]
DCME-320-L
[VERSION]
<=9.3.2.114
[PROBLEM TYPE]
Command Injection
[DESCRIPTION]
A command execution vulnerability exists in the web management backend of the DCME-320 gateway.

First, the getVar function reads the action value from the request, which the attacker can set to umount. It then reads the value of path and calls the umountdisk function.

In the umountdisk function, path is concatenated into a command string and passed directly to exec. Because path is attacker-controllable, this results in command execution.

PoC: http://ip/function/audit/log/log_u_umount.php?action=umount&path=;echo abcdefg > 1.txt;

The execution was successful.
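
To check whether this endpoint has been probed, the following added example (not part of the original advisory) scans web access log lines for requests to log_u_umount.php that set action=umount and carry shell metacharacters in path. It assumes combined-format access logs; the sample lines and the /mnt/usb1 path are constructed.

```python
import re
from urllib.parse import unquote_plus

ENDPOINT = "/function/audit/log/log_u_umount.php"
# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r"[;|&`$()<>\r\n]")
# Combined-log prefix; the request target may hold raw spaces, so match lazily.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (.+?) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (not captured traffic); /mnt/usb1 is a made-up path.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Oct/2024:17:02:11 +0000] "GET /function/audit/log/'
    'log_u_umount.php?action=umount&path=;echo abcdefg > 1.txt; HTTP/1.1" 200 0',
    '203.0.113.6 - - [16/Oct/2024:17:03:40 +0000] "GET /function/audit/log/'
    'log_u_umount.php?action=umount&path=%3Becho%20abcdefg%20%3E%201.txt%3B'
    ' HTTP/1.1" 200 0',
    '198.51.100.9 - - [16/Oct/2024:17:05:02 +0000] "GET /function/audit/log/'
    'log_u_umount.php?action=umount&path=/mnt/usb1 HTTP/1.1" 200 0',
    '198.51.100.9 - - [16/Oct/2024:17:05:09 +0000] "GET /index.php?path=;x'
    ' HTTP/1.1" 404 0',
]

def decode_query(query):
    """Split on '&' only and percent-decode once, so a raw ';' stays in the value."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params

def suspicious_umount_requests(lines):
    """Return (client, status, decoded path value) for every flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith(ENDPOINT):
            continue
        params = decode_query(query)
        value = params.get("path", "")
        if params.get("action") == "umount" and SHELL_META.search(value):
            hits.append((client, status, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_umount_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status only shows the request reached the script; whether the injected command ran has to be confirmed on the device itself.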