CVEs-PoC/2020/CVE-2020-24581.md

### [CVE-2020-24581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24581)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.

### POC

#### Reference
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ArrestX/--POC
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Ilovewomen/db_script_v2
- https://github.com/Ilovewomen/db_script_v2_2
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/huike007/penetration_poc
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/tzwlhack/Vulnerability
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC