This Metasploit module attempts to find D-Link devices running Alphanetworks web interfaces affected by the backdoor found on the User-Agent header. This Metasploit module has been tested successfully on a DIR-100 device with firmware version v1.13.
This Metasploit module exploits an authentication bypass vulnerability in DIR 645 < v1.03. With this vulnerability you are able to extract the password for remote management.
This Metasploit module exploits an authentication bypass vulnerability in different Netgear devices. It allows you to extract the password for the remote management interface.
This Metasploit module exploits an authentication bypass vulnerability in D-Link DSL 320B less than or equal to v1.23. This vulnerability allows extraction of the credentials for the remote management interface.
This Metasploit module exploits a stack-based buffer overflow vulnerability in the WRT120N Linksys router to reset the password of the management interface temporarily to an empty value. This Metasploit module has been tested successfully on a WRT120N device with firmware version 1.0.07.
This Metasploit module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This Metasploit module has been successfully tested on D-Link DSP-W110A1_FW105B01 in an emulated environment.
Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01
This Metasploit module exploits a remote buffer overflow vulnerability on Belkin Play N750 DB Wireless Dual-Band N+ Router N750 routers. The vulnerability exists in the handling of HTTP queries with long 'jump' parameters addressed to the /login.cgi URL, allowing remote unauthenticated attackers to execute arbitrary code. This Metasploit module was tested in an emulated environment, using the version 1.10.16.m of the firmware.
Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection. This Metasploit module was tested on a Fritz!Box 7270 from the LAN side. The vendor reported the following devices vulnerable: 7570, 7490, 7390, 7360, 7340, 7330, 7272, 7270, 7170 Annex A A/CH, 7170 Annex B English, 7170 Annex A English, 7140, 7113, 6840 LTE, 6810 LTE, 6360 Cable, 6320 Cable, 5124, 5113, 3390, 3370, 3272, 3270
Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used by the so-called "TheMoon" worm. There are many Linksys systems that might be vulnerable, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.
Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user and modifying the inetd daemon configuration, this module is set to ManualRanking and could cause target instability.
Various D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.
Different D-Link Routers are vulnerable to OS command injection via the web interface. The vulnerability exists in command.php, which is accessible without authentication. This Metasploit module has been tested with the versions DIR-600 2.14b01, DIR-300 rev B 2.13. Two targets are included: the first one starts a telnetd service and establishes a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an ELF backdoor easily. According to the vulnerability discoverer, more D-Link devices may be affected.
Different D-Link Routers are vulnerable to OS command injection via the web interface. The vulnerability exists in tools_vct.xgi, which is accessible with credentials. This Metasploit module has been tested with the versions DIR-300 rev A v1.05 and DIR-615 rev D v4.13. Two targets are included: the first one starts a telnetd service and establishes a session over it, the second one runs commands via the CMD target. There is no wget or tftp client to upload an ELF backdoor easily. According to the vulnerability discoverer, more D-Link devices may be affected.
Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the CMD target. Additionally, two targets are included, to start a telnetd service and establish a session over it, or deploy a native mipsel payload. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.
D-Link devices DIR-300 rev B, DIR-600 rev B, DIR-645, DIR-845, and DIR-865 suffer from a remote command injection vulnerability. The vulnerability is caused by missing input validation in different XML parameters.
Linksys X3000 with firmware version 1.0.03 build 001 suffers from cross site scripting and remote command injection vulnerabilities.
Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 - firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage native payloads from the command injection.
Some D-Link Routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module was tested against a DIR-615 hardware revision H1 - firmware version 8.04. A ping command against a controlled system could be used for testing purposes. The exploit uses the wget client from the device to convert the command injection into an arbitrary payload execution.
D-Link DSL-320B suffers from persistent cross site scripting and multiple authentication bypass vulnerabilities.
D-Link DIR-635 suffers from cross site request forgery and multiple cross site scripting vulnerabilities.
D-Link DIR-615 and DIR-300 suffer from cross site request forgery, OS command injection, lack of cryptographic storage, header injection, and cross site scripting vulnerabilities.
Some Netgear Routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module overwrites parts of the PPPoE configuration. While the module tries to restore it after exploitation, a configuration backup is recommended.