Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-11896 PoC — Treck TCP/IP stack 输入验证错误漏洞

Source
https://github.com/0xkol/ripple20-digi-connect-exploit
Associated Vulnerability
Title:Treck TCP/IP stack 输入验证错误漏洞 (CVE-2020-11896)
Description:The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
Description
RCE exploit for CVE-2020-11896 (Ripple20 IP-in-IP Heap Overflow Vulnerability) targeting Digi Connect ME 9210
Readme
Ripple20 Exploit: Digi Connect ME 9210
======================================

Authors: Moshe Kol, Shlomi Oberman

This repository contains a PoC exploit for CVE-2020-11896, a critical heap-based buffer overflow vulnerability in the Track TCP/IP stack (part of the Ripple20 vulnerability suite). 

The exploit achieves remote code execution (RCE) on a Digi Connect ME 9210 device running NET+OS 7.5. You can find the full write-up [here](https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf).
File Snapshot

 [4.0K]  /data/pocs/06c61cee2bc5be02c68058aa4ae104340dfeea4e
├── [ 11K]  digi_connect_exploit.py
├── [ 194]  led_shellcode_arm32be
├── [1.0K]  LICENSE
└── [ 541]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →