Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-3712 PoC — Potential user privilege escalation

Source
https://github.com/vpxuser/CVE-2023-3712-POC
Associated Vulnerability
Title:Potential user privilege escalation (CVE-2023-3712)
Description:Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.  Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Readme
# Honeywell PM43 Userpassword Command Injection POC

This is a proof-of-concept (POC) code to test the command injection vulnerability via the `userpassword` parameter in PM43 printer devices. It allows you to check if a specific version of PM43 (P10.11.013310 or earlier) is vulnerable to command injection.

## Prerequisites

To use this POC, you need to meet the following requirements:

- Go programming language version 1.17 or higher installed on your computer.
- Access to a PM43 printer device running the vulnerable version.

## Usage

Follow the instructions below to use this POC:

1. Clone or download the POC code to your local computer.
2. Open a terminal and navigate to the project directory.

### Single URL Testing

If you want to test a single URL, use the following command:

```bash
go run main.go -url <target URL>
```

Replace `<target URL>` with the URL of the PM43 printer device you want to test. For example:

```bash
go run main.go -url http://printer.example.com
```

### Multiple URLs Testing

If you have a file containing multiple URLs that need to be tested, use the following command:

```bash
go run main.go -file <input file>
```

Replace `<input file>` with the path to the file containing the URLs. Each URL in the file should be on a separate line.

## Output

The POC will send the command injection payload to the specified URL(s) and check if the response contains the expected result. If a vulnerability is detected, it will display a success message along with the payload used. If no vulnerability is detected, it will display a failure message.

Note: The POC assumes a specific format for the command injection payload. Depending on the specific vulnerability you are testing, you may need to modify the payload in the code.

## Disclaimer

This POC is intended for educational and testing purposes only. Use it responsibly and obtain necessary authorizations. The author is not responsible for any misuse or damage caused by the use of this POC.

## License

This POC is released under the [MIT License](LICENSE).

## Credits

This POC is based on the original code from the OpenAI GPT-3.5 model.

**Use this POC responsibly and respect the security and privacy of others.**
File Snapshot

 [4.0K]  /data/pocs/eeb6eb913fd1802ca34619ac39e192d6268d78f6
├── [ 83K]  CVE2.png
├── [ 231]  go.mod
├── [ 865]  go.sum
├── [2.2K]  main.go
└── [2.2K]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →