CVE-2023-26866 PoC: Green Packet OH736 Command Injection Vulnerability

Associated Vulnerability
Title: Green Packet OH736 Command Injection Vulnerability (CVE-2023-26866)
Description: GreenPacket OH736's WR-1200 Indoor Unit and OT-235, with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively, are vulnerable to remote command injection. Commands can be executed pre-login and run with root privileges, allowing complete takeover.
Readme
 
# CVE-2023-26866

## Description
GreenPacket OH736's WR-1200 Indoor Unit and OT-235, with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively, are vulnerable to remote command injection. Commands can be executed pre-login and run with root privileges, allowing complete takeover. The vulnerability has been validated by Lionel Musonza.

## Vulnerability Type
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE source: NIST)
- CWE-94: Improper Control of Generation of Code ('Code Injection')

## Vendor of Product
GreenPacket

## Affected Product Code Base
- OH736's WR-1200 IDU: M-IDU-1.6.0.3_V1.1
- OT-235: MH-46360-2.0.3-R5-GP


### Affected Component
Engineer user's command tool in the router's web utility.

### Attack Type
Context-dependent

### Impact Code execution
True

### Impact Denial of Service
True

### Impact Escalation of Privileges
True

### Impact Information Disclosure
True

## Has vendor confirmed or acknowledged the vulnerability?
No, no response from vendor.


## Discoverer
Lionel Musonza

## Timeline
