Skip to content

CVE-2020-8958: Authenticated RCE exploit for NetLink HG323

Notifications You must be signed in to change notification settings

Asjidkalam/CVE-2020-8958

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 

Repository files navigation

CVE-2020-8958

CVE-2020-8958: Authenticated Remote Code Execution Exploit for NetLink Routers using boa server.

CVSS Score: 7.2
Vulnerability Type(s): OS Command Injection
Authentication: Required
Affected Model(s): HG323

Description

The /boaform/admin/formPing resource in Netlink routers allows remote attackers to perform OS Command Injection via the target_addr parameter.

Usage

    usage: CVE-2020-8958.py [-h] -i URL [-u [USER]] [-p [PASS]]

    CVE-2020-8958: Authenticated remote code execution exploit

    optional arguments:
    -h, --help            show this help message and exit
    -i URL, --Url URL     Target IP of router
    -u [USER], --User [USER]
                            Username
    -p [PASS], --Pass [PASS]
                            Password

About

CVE-2020-8958: Authenticated RCE exploit for NetLink HG323

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages