Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2020-10987

Description

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

POC

Reference

- https://www.ise.io/research/

Github

- https://github.com/20142995/Goby

- https://github.com/ARPSyndicate/cvemon

- https://github.com/HimmelAward/Goby_POC

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ker2x/DearDiary

- https://github.com/meerkatone/Vulnerability-Research-with-Binary-Ninja

- https://github.com/meerkatone/vulnerability_research_with_binary_ninja