infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

4.x
Metasploit 2019-03-28 16:03:29 -07:00
parent 2b22a5e9a3
commit 4e209e4153
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
db/modules_metadata_base.json
View File

@ -45203,6 +45203,58 @@
"notes": {
}
},
"exploit_linux/http/cisco_rv32x_rce": {
"name": "Cisco RV320 and RV325 Unauthenticated Remote Code Execution",
"full_name": "exploit/linux/http/cisco_rv32x_rce",
"rank": 300,
"disclosure_date": "2018-09-09",
"type": "exploit",
"author": [
"RedTeam Pentesting GmbH",
"Philip Huppert",
"Benjamin Grap"
],
"description": "This exploit module combines an information disclosure (CVE-2019-1653)\n and a command injection vulnerability (CVE-2019-1652) together to gain\n unauthenticated remote code execution on Cisco RV320 and RV325 small business\n routers. Can be exploited via the WAN interface of the router. Either via HTTPS\n on port 443 or HTTP on port 8007 on some older firmware versions.",
"references": [
"CVE-2019-1653",
"CVE-2019-1652",
"EDB-46243",
"BID-106728",
"BID-106732",
"URL-https://www.redteam-pentesting.de/en/advisories/rt-sa-2018-002/-cisco-rv320-unauthenticated-configuration-export",
"URL-https://www.redteam-pentesting.de/en/advisories/rt-sa-2018-004/-cisco-rv320-command-injection"
],
"platform": "Linux",
"arch": "",
"rport": 8007,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"LINUX MIPS64"
],
"mod_time": "2019-03-20 14:21:40 +0000",
"path": "/modules/exploits/linux/http/cisco_rv32x_rce.rb",
"is_install_path": true,
"ref_name": "linux/http/cisco_rv32x_rce",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
}
},
"exploit_linux/http/crypttech_cryptolog_login_exec": {
"name": "Crypttech CryptoLog Remote Code Execution",
"full_name": "exploit/linux/http/crypttech_cryptolog_login_exec",