sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
- Download zsh-autosuggestions by
Unauthenticated RCE as root on ASKEY router RTF3505VW through GET parameter | |
------------------------------------------------------------------------------ | |
The router RTF3505VW, which is distributed by Vivo, is vulnerable to a unauthenticated RCE via a GET parameter. The vulnerability resides on the /bin/httpd, as it passes a GET parameter to a system call, see the vulnerable portion of the binary below. | |
if (iVar1 != 0) { | |
system("killall ping traceroute > /dev/null 2>&1"); | |
__format = "ping %s -c %s -I %s> %s&"; | |
puVar4 = auStack10144; |
I hereby claim:
To claim this, I am signing this object: