From 966ac2cd2eadea3828823b7de1c8bcde3d382681 Mon Sep 17 00:00:00 2001 From: duality084 Date: Thu, 1 Jun 2023 19:44:37 -0300 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 12c3a22..07ed48e 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ CVE-2023-33381: OS command injection on MitraStar GPT-2741GNAC ### Firmware Version: AR_g5.8_110WVN0b7_2 ### Vulnerability Description: -When logging in via SSH, it was apparent that one would be directed to a restricted shell instead of the expected full shell access. +Upon logging in via SSH, I immediately noticed the limited set of available commands and options. It became evident that I was indeed confined to a restricted shell environment. ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/b5840811-334d-45d5-b3e3-7863969165a3) After exploring several known vulnerabilities, I decided to delve into the search for new ones. To begin, I logged into the administrative portal and began testing various functionalities that could potentially result in OS command injection. Within the Diagnostic menu, I came across a particular feature that allowed me to test connectivity using the ping and traceroute commands.