automatic module_metadata_base.json update

2019-02-19 11:55:27 -08:00 · 2019-02-19 11:55:27 -08:00 · 3c9e781eed
parent 661e78beed
commit 3c9e781eed
1 changed files with 58 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -55094,6 +55094,64 @@
    "notes": {
    }
  },
+  "exploit_linux/upnp/belkin_wemo_upnp_exec": {
+    "name": "Belkin Wemo UPnP Remote Code Execution",
+    "full_name": "exploit/linux/upnp/belkin_wemo_upnp_exec",
+    "rank": 600,
+    "disclosure_date": "2014-04-04",
+    "type": "exploit",
+    "author": [
+      "phikshun",
+      "wvu <wvu@metasploit.com>"
+    ],
+    "description": "This module exploits a command injection in the Belkin Wemo UPnP API via\n        the SmartDevURL argument to the SetSmartDevInfo action.\n\n        This module has been tested on a Wemo-enabled Crock-Pot, but other Wemo\n        devices are known to be affected, albeit on a different RPORT (49153).",
+    "references": [
+      "URL-https://web.archive.org/web/20150901094849/http://disconnected.io/2014/04/04/universal-plug-and-fuzz/",
+      "URL-https://github.com/phikshun/ufuzz",
+      "URL-https://gist.github.com/phikshun/10900566",
+      "URL-https://gist.github.com/phikshun/9984624",
+      "URL-https://www.crock-pot.com/wemo-landing-page.html",
+      "URL-https://www.belkin.com/us/support-article?articleNum=101177",
+      "URL-http://www.wemo.com/"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, mipsle",
+    "rport": 49152,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix In-Memory",
+      "Linux Dropper"
+    ],
+    "mod_time": "2019-02-19 13:22:38 +0000",
+    "path": "/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb",
+    "is_install_path": true,
+    "ref_name": "linux/upnp/belkin_wemo_upnp_exec",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    }
+  },
  "exploit_linux/upnp/dlink_upnp_msearch_exec": {
    "name": "D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection",
    "full_name": "exploit/linux/upnp/dlink_upnp_msearch_exec",