Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

GPON - Python Exploit For Remote Code Executuion On GPON Home Routers (CVE-2018-10562)

$
0
0

RCE on GPON home routers (CVE-2018-10561)

Vulnerability
Many routers today use GPON internet, and a way to bypass all authentication on the devices (CVE-2018-10561) was found by VPNMentor. With this authentication bypass, it's also possible to unveil another command injectionvulnerability (CVE-2018-10562) and execute commands on the device.
At the time it was written almost ONE MILLION of these devices are exposed to the Internet, according to Shodan.

Dependencies required
requests
urllib2

Tested on
Kali Linux
Ubuntu 17.10 Server

Usage
python gpon_rce.py TARGET_URL COMMAND
e.g.
python gpon_rce.py http://192.168.1.15 'id'

Screenshots



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>