JCG路由器命令执行漏洞.md

628 B / 2021-07-15 19:46:19
    # JCG路由器命令执行漏洞



### 漏洞环境

### 漏洞复现

Shandan上搜到相关信息

![image](resource/JCG%E8%B7%AF%E7%94%B1%E5%99%A8%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/media/1-20201014111701466.png)

选择一个测试：http://216.171.4.173/home.asp

默认密码：admin/admin

![image](resource/JCG%E8%B7%AF%E7%94%B1%E5%99%A8%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/media/2-20201014111701470.png)

在系统工具中可执行命令

如图

![image](resource/JCG%E8%B7%AF%E7%94%B1%E5%99%A8%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/media/3-20201014111701472.png)