CVE-2023-28343 PoC — Altenergy Power System Control Software 操作系统命令注入漏洞

Description

Altenergy Power System Control Software set_timezone RCE Vulnerability (CVE-2023-28343)

介绍

# CVE-2023-28343
## Altenergy Power System Control Software set_timezone RCE Vulnerability (CVE-2023-28343)
**Chinese name: Altenergy Power System Control Software set_timezone 远程命令执行漏洞（CVE-2023-28343）**

CVSS core:9.0

**Description** : Altenergy Power System Control Software is a microinverter control software from Altenergy Power System.

**Impact** : There is a security vulnerability in AlAltenergy Power System Control Software C1.2.5, which is caused by an operating system command injection vulnerability in /set_timezone. An attacker can execute arbitrary commands to obtain server privileges.

![](https://s3.bmp.ovh/imgs/2023/03/21/604e2a156666a0c3.gif)


**[Goby Official URL: https://gobies.org/](https://gobies.org/)** 

If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:

1. GitHub issue: https://github.com/gobysec/Goby/issues
2. Telegram Group: http://t.me/gobies (Group benefits: enjoy the version update 1 month in advance) 
3. Telegram Channel: https://t.me/joinchat/ENkApMqOonRhZjFl (Channel benefits: enjoy the version update 1 month in advance) 
4. WeChat Group: First add my personal WeChat: **gobyteam**, I will add everyone to the official WeChat group of Goby. (Group benefits: enjoy the version update 1 month in advance) 

文件快照

备注