Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2023-38120 PoC — Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability

Source
https://github.com/warber0x/CVE-2023-38120
Associated Vulnerability
Title:Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability (CVE-2023-38120)
Description:Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20525.
Description
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
Readme
# Exploit:
This is a POC for a bug that I found in SmartRG router (CVE-2023-38120). It's already fixed by the manufacturer.
File Snapshot

 [4.0K]  /data/pocs/cd48d2436517560d261d4d977134707e44cb53d9
├── [8.1K]  exploit.py
├── [ 124]  README.md
└── [  75]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →