# Wayos 防火墙 后台命令执行漏洞

### 漏洞描述 <a href="#lou-dong-miao-shu" id="lou-dong-miao-shu"></a>

Wayos 防火墙 后台存在命令执行漏洞，通过命令注入可以执行远程命令

### 漏洞影响 <a href="#lou-dong-ying-xiang" id="lou-dong-ying-xiang"></a>

Wayos 防火墙

### FOFA <a href="#fofa" id="fofa"></a>

body="Get\_Verify\_Info(hex\_md5(user\_string)."

### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

登录页面如下

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr556ceIfy9x082CZ3%2Fimage.png?alt=media\&token=d6f471e1-89f9-42a1-807a-badfeec41be1)

登录后台后 ping 模块命令执行

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhr29TNgN3F9wtPQQQU%2F-Mhr59-1aePmL7Skt7n1%2Fimage.png?alt=media\&token=e571173d-afd9-4c70-b715-9e31e4482a3b)