From f98aa2276af133630cb6c19c4645ab0b9aaa8f7c Mon Sep 17 00:00:00 2001 From: duality084 Date: Thu, 1 Jun 2023 19:44:54 -0300 Subject: [PATCH] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 07ed48e..253d8e2 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ CVE-2023-33381: OS command injection on MitraStar GPT-2741GNAC ### Vulnerability Description: Upon logging in via SSH, I immediately noticed the limited set of available commands and options. It became evident that I was indeed confined to a restricted shell environment. + ![image](https://github.com/duality084/CVE-2023-33381-MitraStar-GPT-2741GNAC/assets/7117259/b5840811-334d-45d5-b3e3-7863969165a3) After exploring several known vulnerabilities, I decided to delve into the search for new ones. To begin, I logged into the administrative portal and began testing various functionalities that could potentially result in OS command injection. Within the Diagnostic menu, I came across a particular feature that allowed me to test connectivity using the ping and traceroute commands.