mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
automatic module_metadata_base.json update
This commit is contained in:
parent
bed067dda0
commit
4130c61a14
@ -60575,11 +60575,11 @@
|
||||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec": {
|
||||
"name": "Grandstream GXV3175 'settimezone' Unauthenticated Command Execution",
|
||||
"fullname": "exploit/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec",
|
||||
"exploit_linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec": {
|
||||
"name": "Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution",
|
||||
"fullname": "exploit/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec",
|
||||
"aliases": [
|
||||
|
||||
"exploit/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec"
|
||||
],
|
||||
"rank": 500,
|
||||
"disclosure_date": "2016-09-01",
|
||||
@ -60589,14 +60589,14 @@
|
||||
"Brendan Scarvell",
|
||||
"bcoles <bcoles@gmail.com>"
|
||||
],
|
||||
"description": "This module exploits a command injection vulnerability in Grandstream GXV3175\n IP multimedia phones. The 'settimezone' action does not validate input in the\n 'timezone' parameter allowing injection of arbitrary commands.\n\n A buffer overflow in the 'phonecookie' cookie parsing allows authentication\n to be bypassed by providing an alphanumeric cookie 93 characters in length.\n\n This module was tested successfully on Grandstream GXV3175v2\n hardware revision V2.6A with firmware version 1.0.1.19.",
|
||||
"description": "This module exploits a command injection vulnerability in Grandstream GXV31XX\n IP multimedia phones. The 'settimezone' action does not validate input in the\n 'timezone' parameter allowing injection of arbitrary commands.\n\n A buffer overflow in the 'phonecookie' cookie parsing allows authentication\n to be bypassed by providing an alphanumeric cookie 93 characters in length.\n\n This module was tested successfully on Grandstream models:\n GXV3175v2 hardware revision V2.6A with firmware version 1.0.1.19; and\n GXV3140 hardware revision V0.4B with firmware version 1.0.1.27.",
|
||||
"references": [
|
||||
"CVE-2019-10655",
|
||||
"URL-https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920",
|
||||
"URL-https://github.com/dirtyfilthy/gxv3175-remote-code-exec/blob/master/modules/exploits/linux/http/grandstream_gxv3175_cmd_exec.rb"
|
||||
],
|
||||
"platform": "Linux",
|
||||
"arch": "armle",
|
||||
"platform": "Linux,Unix",
|
||||
"arch": "",
|
||||
"rport": 80,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
@ -60614,12 +60614,13 @@
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Automatic"
|
||||
"Linux (cmd)",
|
||||
"Linux (ARMLE)"
|
||||
],
|
||||
"mod_time": "2022-01-19 00:04:15 +0000",
|
||||
"path": "/modules/exploits/linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec.rb",
|
||||
"mod_time": "2022-01-29 19:38:57 +0000",
|
||||
"path": "/modules/exploits/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "linux/http/grandstream_gxv3175_settimezone_unauth_cmd_exec",
|
||||
"ref_name": "linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
|
Loading…
Reference in New Issue
Block a user