Skip to content
This repository has been archived by the owner on Jan 16, 2022. It is now read-only.

Latest commit

 

History

History
11 lines (8 loc) · 469 Bytes

README.md

File metadata and controls

11 lines (8 loc) · 469 Bytes
Raw

A proof of concept for CVE-2020-8958 written in Python. The script will return the contents of /etc/passwd if successful.

CVE-2020-8958

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.

Requirements

  • Python 3.X
  • bs4

Usage

python poc.py <IP_ADDR>