Lucene search
K

Emby Version Scanner

🗓️ 13 Jun 2021 17:55:03Reported by BtnzType 
metasploit
 metasploit
🔗 www.rapid7.com👁 154 Views

Emby Version Scanner attempts to identify the version of an Emby Media Server, useful for locating devices vulnerable to CVE-2020-26948

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Server-Side Request Forgery in Emby
22 Jul 202023:30
githubexploit
Circl
CVE-2020-26948
11 Oct 202000:35
circl
CNVD
Emby Server Cross-Site Request Forgery Vulnerability
20 Oct 202000:00
cnvd
CVE
CVE-2020-26948
10 Oct 202020:12
cve
Cvelist
CVE-2020-26948
10 Oct 202020:12
cvelist
Metasploit
Emby SSRF HTTP Scanner
13 Jun 202117:55
metasploit
Nuclei
Emby < 4.5.0 - Server Server-Side Request Forgery
28 Jun 202615:08
nuclei
NVD
CVE-2020-26948
10 Oct 202021:15
nvd
OpenVAS
Emby Server < 4.5.0 SSRF Vulnerability
10 Sep 202100:00
openvas
OSV
CVE-2020-26948
10 Oct 202021:15
osv
Rows per page
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize
    super(
      'Name' => 'Emby Version Scanner',
      'Description' => 'This module attempts to identify the version of an Emby Media Server running on a
                        host. If you wish to see all the information available, set VERBOSE to true. Use in
                        conjunction with emby_ssrf_scanner to locate devices vulnerable to CVE-2020-26948.',
      'Author' => 'Btnz',
      'License' => MSF_LICENSE,
      'Disclosure Date' => '2020-10-01',
      'Notes' => {
        'Stability' => [],
        'SideEffects' => [],
        'Reliability' => [],
        'RelatedModules' => ['auxiliary/scanner/http/emby_ssrf_scanner']
      },
      'References' => [
        ['CVE', '2020-26948'],
        ['URL', 'https://github.com/btnz-k/emby_ssrf']
      ]
    )

    register_options(
      [
        Opt::RPORT(8096),
        OptString.new('TARGETURI', [true, 'The base path, usually just /', '/']),
        OptInt.new('TIMEOUT', [true, 'Timeout for the version scanner', 30])
      ]
    )
    deregister_options('SSL')
  end

  def run_host(ip)
    res = send_request_cgi({
      'uri' => "#{datastore['TARGETURI']}System/Info/Public",
      'method' => 'GET'
    }, datastore['TIMEOUT'])
    if res.nil? || res.code != 200
      print_error('Failed to connect to an Emby Server')
      return
    end

    result = res.get_json_document
    print_status("Identifying Media Server Version on #{peer}")
    print_good("[Media Server] URI: http://#{peer}#{datastore['TARGETURI']}")
    print_good("[Media Server] Version: #{result['Version']}")
    print_good("[Media Server] Internal IP: #{result['LocalAddress']}") if result['LocalAddress'].to_s != ''
    print_good('*** Vulnerable to SSRF module auxiliary/scanner/http/emby_ssrf_scanner! ***') if Rex::Version.new(result['Version'].to_s) < Rex::Version.new('4.5.0')
    report_service(
      host: rhost,
      port: rport,
      name: 'emby',
      info: "Emby Server v.#{result['Version']} (LAN:#{result['LocalAddress']})"
    )
    vprint_status "All info: #{result}"
    report_note(
      host: ip,
      port: rport,
      proto: 'tcp',
      ntype: 'server_version',
      data: { version: result['Version'] },
      info: "Media Server v.#{result['Version']}"
    )
    vprint_status('Saving host information.')
    report_host(
      host: ip,
      info: "Emby Server v.#{result['Version']} (LAN:#{result['LocalAddress']})"
    )
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Apr 2026 19:01Current
8.9High risk
Vulners AI Score8.9
CVSS 27.5
CVSS 3.19.8
EPSS0.87154
154