# JCG JHR-N835R 后台命令执行漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

JCG JHR-N835R 后台存在命令执行，通过 ; 分割 ping 命令导致任意命令执行

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

&#x20;Note

JCG JHR-N835R

### Shodan <a href="#shodan" id="shodan"></a>

&#x20;Note

JHR-N835R

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

登录页面 admin admin登录<br>

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3l-tff09Rji3eJs-%2Fimage.png?alt=media\&token=5e028ad6-a97a-4f34-9129-4711b7530740)

在后台系统工具那使用 PING工具，使用 ; 命令执行绕过

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3o6VriLUoqY2Dx-W%2Fimage.png?alt=media\&token=d3b88a90-4c07-4abd-bdfc-5eb97262b509)

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr3plJqaULoSfDFkAQ%2Fimage.png?alt=media\&token=4426ed14-b889-4473-a812-410b40d4c3f8)