# 电信天翼网关F460 web\_shell\_cmd.gch 远程命令执行漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

电信天翼网关F460 web\_shell\_cmd.gch文件存在命令调试界面，攻击者可以利用获取服务器权限

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

&#x20;Note

电信天翼网关F460

### FOFA <a href="#fofa" id="fofa"></a>

&#x20;Note

title="F460"

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

出现漏洞的文件为 web\_shell\_cmd.gch

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhrYbLZtHHSDhh51TEl%2F-MhrZ2DYkx0s7IdqU9rf%2Fimage.png?alt=media\&token=54c14813-4b00-4d77-a575-a46228e14649)

&#x20;直接输入命令就可以执行 **cat /etc/passwd**

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-MhrYbLZtHHSDhh51TEl%2F-MhrZ5HZST6PS4dcRktc%2Fimage.png?alt=media\&token=34410696-ce10-45c5-a531-f47061560b46)