CVE-2018-14714 PoC: ASUS RT-AC3200 Command Injection Vulnerability

Source
Associated Vulnerability
Title: ASUS RT-AC3200 Command Injection Vulnerability (CVE-2018-14714)
Description: System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
Description
Time injector is a CVE-2018-14714 exploitation script
Readme
# TimeInjector
Time injector is a CVE-2018-14714 exploitation script in bash



To tell whether the target is vulnerable, the script first checks that the target is reachable and that it can establish a login session.

After that, it checks for the existence of specific pages and performs a time-based injection to see if the system is vulnerable to remote code execution (RCE).

If the system responds more slowly when executing a command (like `sleep 3`), it indicates the target may be vulnerable.

This happens because the server is taking more time to process the injected command, and that delay confirms the vulnerability.

The exploit works by sending a specially crafted payload to the target that causes the system to run commands in an unintended manner, typically allowing command execution or information leakage.

The key signal in detecting the vulnerability is the response time delay, which shows the target is executing commands based on user input, confirming that an RCE vulnerability exists.
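On the defensive side, requests of the kind this README describes can be spotted in HTTP logs by looking for shell syntax in the `load_script` parameter of `appGet.cgi`. The following is an added example, not code from the TimeInjector repository; it assumes combined-style logs from a proxy or sensor in front of the router's web interface, and the sample lines and the `example.sh` value are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters and sequences a shell treats specially.
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")
# Assumed log shape: client address first, request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253B -> %3B -> ;), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_load_script(log_line):
    """Return the decoded load_script value if it carries shell syntax, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/appGet.cgi"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "load_script":
            decoded = fully_decode(value)
            if SHELL_META.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (client, decoded_value) for every flagged, non-blank line."""
    checked = ((l.split()[0], suspicious_load_script(l)) for l in lines if l.strip())
    return [(client, value) for client, value in checked if value is not None]

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /appGet.cgi?load_script=example.sh HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /appGet.cgi?load_script=x%3Bsleep%203 HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /appGet.cgi?load_script=x%253Bsleep%25203 HTTP/1.1" 200 0',
    '203.0.113.4 - - [01/Jan/2024:10:00:12 +0000] "GET /other.cgi?load_script=x%3Bsleep%203 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent load_script={value!r}")
```

The decode loop matters because a value that is percent-encoded twice would otherwise pass a single-decode filter unflagged.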
File Snapshot

[4.0K] /data/pocs/ff7b3d4fb77e736e90fcf04d7bfb56a688191484
├── [1004] README.md
└── [7.1K] TimeInjector.sh

0 directories, 2 files