CVE-2024-1655 PoC — ASUS WiFi Router - OS Command Injection

Source

Associated Vulnerability

Readme

# CVE-2024-1655

## Description

ASUS ExpertWiFi EBM63, EBM68, and RT-AX57 Go firmwares before the 12-04-2024 patch contain a command injection vulnerability in splash_page_SDN.cgi function. When an attacker sends a specially crafted request, they can achieve arbitrary code execution.  

references:
 * [Official report](https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.html)

## Usage

The vulnerability is an authenticated RCE, users of this script are required to first retrieve the login token (value of asus_token from the cookie header) of the target.

```console
$ python3 CVE-2024-1655.py --host <TARGET_HOST> --token <ASUS_TOKEN> <COMMAND>
```

Example: Creating a file in the tmp directory

```console
$ python3 CVE-2024-1655.py --host http://192.168.1.1:8080 --token pEnRts37WwOZT1qwwJjhRWFhfBLBmNQ "echo pwned > /tmp/pwn.txt" 
```

## Disclaimer

The author created this software for the sole purposes of academic research and aiding in understanding associated security risks. In addition, this software is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Responsible usage is advised.

File Snapshot

 [4.0K]  /data/pocs/a710821cfd4f781bb0f16c4567b78b65451240e0
├── [1.4K]  CVE-2024-1655.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks