CVE-2020-8958: Authenticated Remote Code Execution Exploit for NetLink Routers using boa server.
CVSS Score: 7.2
Vulnerability Type(s): OS Command Injection
Authentication: Required
Affected Model(s): HG323
The /boaform/admin/formPing resource in Netlink routers allows remote attackers to perform OS Command Injection via the target_addr parameter.
usage: CVE-2020-8958.py [-h] -i URL [-u [USER]] [-p [PASS]]
CVE-2020-8958: Authenticated remote code execution exploit
optional arguments:
-h, --help show this help message and exit
-i URL, --Url URL Target IP of router
-u [USER], --User [USER]
Username
-p [PASS], --Pass [PASS]
Password