DLINK DCS-5020L - Remote Code Execution (PoC)

EDB-ID: 44580
Author: Fidus InfoSecurity
Published: 2018-03-27
CVE: CVE-cve 2017-17020
Type: Webapps
Platform: Hardware
Aliases: N/A
Advisory/Source: Link
Tags: N/A
Vulnerable App: N/A

This walkthrough demonstrates just how easy it can be to find vulnerabilities in Internet of Things (IOT) devices. The process of finding the following command injection can be broken down into 3 steps that are more akin to a 100 point CTF challenge: download binary, run strings, trace input to system call to origin.

An attacker can escape the ‘sed’ command with a simple payload, such as ‘`touch a`’. Another example that fits is AdminID=a’`telnetd`’, which allows a user to login as “a”, which becomes the new root account:

Source: https://www.fidusinfosec.com/dlink-dcs-5030l-remote-code-execution-cve-2017-17020/

Related Posts