PoC details: ca2d5396203467f141dff01fc5bef52b050f0d2f

Source
Related vulnerability
Title: TP-Link Archer VR1600V operating system command injection vulnerability (CVE-2023-31756)
Description: TP-Link Archer VR1600V is a wireless modem made by the Chinese company TP-LINK. TP-Link Archer VR1600V versions 0.1.0 and earlier contain a security vulnerability caused by command injection, which allows a remote attacker to open an operating-system shell as administrator.
Description
CVE-2023-31756 Proof of Concept - Remote Code Execution for Archer V1/V2 Routers
Introduction
# Archer TP-Link VR1600V Router Local Remote Command Execution Exploit (CVE-2023-31756)

## Overview

This Python script demonstrates an authenticated (post-login) remote command execution vulnerability in the Archer TP-Link VR1600V V1/V2 routers. The exploit gives administrative-level operating system access on the router. With this access you can re-enable the OpenVPN server, disable CWMP, and perform other administrative tasks that the web portal restricts.

## Prerequisites

Before using this script, ensure you have the following prerequisites in place:

- Python 3.x installed on your system.
- "Admin" access to an Archer TP-Link V1/V2 router. (Hint: default credentials are admin:admin)
- Proper authorization to test the vulnerability on the router.

## Usage

1. Clone this repository to your local machine:
```
git clone https://github.com/StanleyJobsonAU/LongBow.git
```
2. Navigate to the project directory:
```
cd LongBow
```
3. Browse with a web browser to your admin web portal (e.g. 192.168.1.1:80)
4. Log in with the default admin credentials
5. Once logged in, retrieve the "JSESSIONID" cookie (F12 -> Storage -> Cookies -> JSESSIONID) and note it down.
6. Run the script with the following syntax:

```
python CVE-2023-31756-LongBow.py --ip [IP of router] --session [JSESSIONID Cookie]
Example: python CVE-2023-31756-LongBow.py --ip 192.168.1.1 --session b3223de242cb163b0ab3557f859d14
```

7. If successful, a root-level shell will be listening on port 23. Use telnet to connect (e.g. telnet 192.168.1.1 23)

## Screenshots
![Image 1](Screenshot1.PNG)
![Image 2](Screenshot2.PNG)

## Exploit Details

This script takes advantage of an authenticated remote command execution vulnerability in the web interface of Archer TP-Link V1/V2 routers. The vulnerability allows an attacker who already holds admin web credentials to gain administrative access to the router's operating system by binding an OS-level shell to Telnet on port 23.

## Disclaimer

This script is provided for educational and research purposes only. It is important to use this script responsibly and only on devices you are authorized to test. Unauthorized use of this script on networks or devices you do not own or have explicit permission to test may be illegal and unethical.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
File snapshot

```
[4.0K] /data/pocs/ca2d5396203467f141dff01fc5bef52b050f0d2f
├── [8.0K] CVE-2023-31756-Longbow.py
├── [2.2K] README.md
├── [ 75K] Screenshot1.PNG
└── [ 50K] Screenshot2.PNG

0 directories, 4 files
```

Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the PoC via the source first.
    2. If the source is no longer available or cannot be accessed, please send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.