技术文章阅读-d-link-routers-found-vulnerable-rce

https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce

影响的范围

  • DIR-655
  • DIR-866L
  • DIR-652
  • DHP-1565

貌似都是快要停止支持的产品了

 

总结:

一是未授权

二是没有做好参数过滤

 

值得注意的是后面提到了

If we try to input any special character, such as double quote, quote, semicolon, etc., the ping fails.

Unfortunately, if we pass the newline character, for example: 8.8.8.8%0als, we can perform the Command Injection attack.

 

只有通过换行才能执行命令,在cgi后台测试的时候可以注意下

posted @ 2020-10-26 10:51  君莫笑hhhhhh  阅读(84)  评论(0编辑  收藏  举报