I hereby claim:
- I am nutc4k3 on github.
- I am nutcak3 (https://keybase.io/nutcak3) on keybase.
- I have a public key ASD4oGEiz66w_yCZ-uxwgD1XDVfb9BN9jVyMml6VKaYhdQo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
Unauthenticated RCE as root on ASKEY router RTF3505VW through GET parameter | |
------------------------------------------------------------------------------ | |
The router RTF3505VW, which is distributed by Vivo, is vulnerable to a unauthenticated RCE via a GET parameter. The vulnerability resides on the /bin/httpd, as it passes a GET parameter to a system call, see the vulnerable portion of the binary below. | |
if (iVar1 != 0) { | |
system("killall ping traceroute > /dev/null 2>&1"); | |
__format = "ping %s -c %s -I %s> %s&"; | |
puVar4 = auStack10144; |