SECCN Unauthorized Remote Code Execution (RCE) Vulnerability Basic Information of the Vulnerability Vulnerability Name: SECCN Dingcheng G10 Enterprise Gateway session_login.cgi Unauthorized Command Injection Vulnerability Vulnerability Type: CWE-78 (OS Command Injection), CWE-306 (Missing Authentication) Severity Level: Critical Affected Privileges: Root Affected Interface: /cgi-bin/session_login.cgi Vulnerability Reproduction (Proof of Concept) Steps: 1. Access the URL in a browser. 2. Use Burp Suite to capture the request packet and modify the payload. 3. Sample payload in the request packet: 4. Send the modified packet through Burp Suite using the Repeater tool. 5. Verify the success of the RCE by opening a Telnet server on port 9999. Shell Access Verification: Successfully connected to as root. Vulnerability Analysis The script contains the following critical code: The parameter from the POST request is directly concatenated into a system command, leading to RCE. An attacker can manipulate this parameter to execute arbitrary commands without authentication.