By kannthu
The "TamronOS IPTV/VOD - Remote Command Execution" module is designed to detect a critical remote command execution vulnerability in the TamronOS IPTV/VOD software. This module is used to identify instances where an attacker can execute arbitrary commands on the target system.
Successful exploitation lets an attacker execute arbitrary commands on the target system, which can lead to unauthorized access, data theft, and potential compromise of the entire system.
The module sends a GET request to the target system with specific parameters. For example:
/api/ping?count=5&host=;cat%20/etc/passwd;&port=80&source=1.1.1.1&type=icmp
The module then applies matching conditions to the response to determine if the vulnerability is present. The matching conditions include:
- Regex: The response is checked for the presence of the string "root:.*:0:0:" using regular expressions.
- Status: The response status code is checked to ensure it is 200.

If both matching conditions are met, the module reports the vulnerability.
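
For defenders reviewing web logs, the following added example (not part of the Vidoc module) flags requests to /api/ping whose host parameter contains anything other than hostname or IP characters, as in the request shown above. The log format (combined access log), the sample lines, and the allowed-character rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /api/ping?count=5&host=10.0.0.1&port=80&source=1.1.1.1&type=icmp HTTP/1.1" 200 312
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /api/ping?count=5&host=;cat%20/etc/passwd;&port=80&source=1.1.1.1&type=icmp HTTP/1.1" 200 1841
203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

# Captures client, method, request target and status from one log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: a legitimate ping target is a hostname or IP literal only.
SAFE_HOST_RE = re.compile(r'[A-Za-z0-9.:-]+')


def suspicious_ping_requests(log_text):
    """Return (client, status, decoded host) for /api/ping requests whose
    host parameter contains anything other than hostname/IP characters."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != "/api/ping":
            continue
        # separator="&" keeps ';' inside the value instead of splitting on it.
        params = parse_qs(url.query, keep_blank_values=True, separator="&")
        for value in params.get("host", []):
            if not SAFE_HOST_RE.fullmatch(value):
                findings.append((client, int(status), value))
    return findings


if __name__ == "__main__":
    for client, status, host in suspicious_ping_requests(SAMPLE_LOG):
        print(f"{client} status={status} host={host!r}")
```

A flagged request that was answered with status 200 satisfies the module's status condition and is worth checking first.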