Routers/CVE-2023-33381-MitraStar-GPT-2741GNAC
1
0
Fork 0
mirror of https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC.git synced 2025-01-24 17:57:58 -03:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source
This commit is contained in:
duality084 2023-06-01 19:44:37 -03:00 committed by GitHub
parent 70d87af1f4
commit 966ac2cd2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -5,7 +5,7 @@ CVE-2023-33381: OS command injection on MitraStar GPT-2741GNAC
### Firmware Version: AR_g5.8_110WVN0b7_2
### Vulnerability Description:
When logging in via SSH, it was apparent that one would be directed to a restricted shell instead of the expected full shell access.
Upon logging in via SSH, I immediately noticed the limited set of available commands and options. It became evident that I was indeed confined to a restricted shell environment.
![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/b5840811-334d-45d5-b3e3-7863969165a3)
After exploring several known vulnerabilities, I decided to delve into the search for new ones. To begin, I logged into the administrative portal and began testing various functionalities that could potentially result in OS command injection. Within the Diagnostic menu, I came across a particular feature that allowed me to test connectivity using the ping and traceroute commands.