SerComm Network Device Backdoor Detection

Published: 09 Jan 2014 19:25:28
Reported by: Eloi Vanderbeken <[email protected]>, Matt "hostess" Andreko <[email protected]>
Type: metasploit
Source: www.rapid7.com

Detects the backdoor in SerComm-manufactured network devices (TCP port 32764) that allows command injection or account disclosure.

Related

Reporter         Published          Title
Circl            14 Jan 2014 00:00  CVE-2014-0659
Cisco            10 Jan 2014 16:00  Undocumented Test Interface in Cisco Small Business Devices
CVE              12 Jan 2014 15:00  CVE-2014-0659
Cvelist          12 Jan 2014 15:00  CVE-2014-0659
NVD              12 Jan 2014 18:34  CVE-2014-0659
Packet Storm     1 Sep 2024 00:00   SerComm Network Device Backdoor Detection
Prion            12 Jan 2014 18:34  Design/Logic Flaw
Tenable Nessus   6 Jan 2014 00:00   ScMM DSL Modem/Router Backdoor Detection
securityvulns    14 Jan 2014 00:00  Cisco routers backdoor
seebug.org       18 Feb 2014 00:00  Cisco RVS4000/WRVS4400N/WAP4410N Device Test Interface Remote Privilege Escalation Vulnerability
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  def initialize(info={})
    super(update_info(info,
      'Name'           => 'SerComm Network Device Backdoor Detection',
      'Description'    => %q{
        This module can identify SerComm manufactured network devices which
        contain a backdoor, allowing command injection or account disclosure.
      },
      'Author'         =>
        [
          'Eloi Vanderbeken <eloi.vanderbeken[at]gmail.com>', # Initial discovery, poc
          'Matt "hostess" Andreko <mandreko[at]accuvant.com>' # Msf module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2014-0659' ],
          [ 'OSVDB', '101653' ],
          [ 'URL', 'https://github.com/elvanderb/TCP-32764' ]
        ],
      'DisclosureDate' => '2013-12-31'
    ))

    register_options([
      Opt::RPORT(32764)
    ])
  end

  def do_report(ip, endianness)
    report_vuln({
      :host => ip,
      :port => rport,
      :name => "SerComm Network Device Backdoor",
      :refs => self.references,
      :info => "SerComm Network Device Backdoor found on a #{endianness} device"
    })
  end

  def run_host(ip)
    begin
      connect
      # The backdoor answers any payload; a few random bytes are enough to
      # elicit its reply header without sending a meaningful command.
      sock.put(Rex::Text.rand_text(5))
      res = sock.get_once
      disconnect

      # The reply opens with the 32-bit magic 0x4D4D6353 in the device's
      # native byte order: "MMcS" on big-endian and "ScMM" on little-endian.
      if (res && res.start_with?("MMcS"))
        print_good("#{ip}:#{rport} - Possible backdoor detected - Big Endian")
        do_report(ip, "Big Endian")
      elsif (res && res.start_with?("ScMM"))
        print_good("#{ip}:#{rport} - Possible backdoor detected - Little Endian")
        do_report(ip, "Little Endian")
      else
        vprint_status("#{ip}:#{rport} - Backdoor not detected.")
      end
    rescue Rex::ConnectionError => e
      vprint_error("#{ip}:#{rport} - Connection failed: #{e.class}: #{e}")
    end
  end
end
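The detection logic above reduces to one fact: the service on TCP/32764 replies to any input, and the reply begins with a 32-bit magic that reads "ScMM" on a little-endian device and "MMcS" on a big-endian one. The following stand-alone Python probe is an added example, not part of the Metasploit module or of the original disclosure; it reproduces the same check outside Metasploit and shows why the two strings are one constant (0x4D4D6353) seen in two byte orders. Everything about the target is an assumption for demonstration: the listener is a constructed mock that answers every connection with fixed bytes, bound to a random loopback port, so the script runs offline. Against a real device you would call probe() with the device address and the default port.

```python
"""Probe TCP/32764 for the SerComm backdoor reply magic (added example).

Only the protocol facts the Metasploit module itself relies on are used here:
the service answers any input, and its reply starts with the 4-byte magic
0x4D4D6353 written in the device's native byte order (b"ScMM" little-endian,
b"MMcS" big-endian). The mock server and its reply bytes are constructed for
this example and stand in for a listening device.
"""
import os
import socket
import struct
import threading

MAGIC = 0x4D4D6353
RPORT = 32764

# "ScMM" and "MMcS" are the same 32-bit constant in the two byte orders.
LE_MAGIC = struct.pack("<I", MAGIC)   # b"ScMM"
BE_MAGIC = struct.pack(">I", MAGIC)   # b"MMcS"


def classify(response: bytes):
    """Return 'little', 'big' or None based on the first 4 bytes of a reply."""
    if response.startswith(LE_MAGIC):
        return "little"
    if response.startswith(BE_MAGIC):
        return "big"
    return None


def probe(host: str, port: int = RPORT, timeout: float = 3.0):
    """Mirror the module: connect, send 5 random bytes, read one reply.

    Returns the endianness verdict, or None when nothing (or no magic) came
    back or the connection failed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(os.urandom(5))
            reply = s.recv(1024)
    except (OSError, socket.timeout):
        return None
    return classify(reply)


class MockBackdoor(threading.Thread):
    """Constructed stand-in for a device: answers one connection with a fixed
    reply so the probe can be exercised without a real target."""

    def __init__(self, reply: bytes):
        super().__init__(daemon=True)
        self.reply = reply
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))   # random free loopback port
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def run(self):
        conn, _ = self.sock.accept()
        with conn:
            conn.recv(64)                  # content of the probe is irrelevant
            conn.sendall(self.reply)
        self.sock.close()


def demo(reply: bytes):
    """Start a mock that answers with `reply`, probe it, return the verdict."""
    srv = MockBackdoor(reply)
    srv.start()
    result = probe("127.0.0.1", srv.port)
    srv.join(timeout=5)
    return result


if __name__ == "__main__":
    # Constructed replies: the magic followed by filler. The detector only
    # inspects the first four bytes, exactly like the module above.
    print(demo(LE_MAGIC + b"\x00" * 8))            # little
    print(demo(BE_MAGIC + b"\x00" * 8))            # big
    print(demo(b"HTTP/1.0 400 Bad Request\r\n"))   # None: some other service
```

Like the module, this only reports a *possible* backdoor: the check is a 4-byte prefix on an unsolicited reply, so any service that happens to echo those bytes would match, and a device that filters the port upstream will be reported as clean.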
