Addressing PR Comments

2019-02-23 14:41:11 -06:00 · 2019-02-23 14:41:11 -06:00 · 7c7a233d67
parent 6bd1489f62
commit 7c7a233d67
1 changed files with 17 additions and 21 deletions
--- a/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb
+++ b/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb
@ -62,7 +62,7 @@ class MetasploitModule < Msf::Exploit::Remote
        'Stability'        => [CRASH_SAFE],
        'SideEffects'      => [ARTIFACTS_ON_DISK],
        'Reliablity'       => [REPEATABLE_SESSION],
-        'NOCVE'            => 'Patched in 2.00.8643' # TODO: Add firmware check
+        'NOCVE'            => 'Patched in 2.00.8643'
      }
    ))

@ -83,39 +83,35 @@ class MetasploitModule < Msf::Exploit::Remote
    )

    if res && res.code == 200 && res.body.include?('urn:Belkin:device:')
-      print_good('Wemo-enabled device detected')
+      vprint_status('Wemo-enabled device detected')
    else
-      print_error('This does not appear to be a wemo-enabled device')
-      return
+      vprint_error('This does not appear to be a Wemo-enabled device')
+      return CheckCode::Safe
    end

-    begin
-      version_text = res.get_xml_document.to_s
-      version_text =~ /WeMo_WW_?([\d]*[.][\d]*[.][\d]*)/ && $1 && version = (Gem::Version.new($1))
-      print_status("Found version: #{version.to_s}")
-    rescue
-      print_error('Error parsing version information from xml')
-      return
+    version_text = res.get_xml_document.at('firmwareVersion').text
+
+    if version_text.empty?
+      vprint_error('No firmware version retrieved')
+      return CheckCode::Unknown
    end

-    if version && version < Gem::Version.new('2.00.8643')
-      print_good('Firmware version appears to be vulnerable')
-      CheckCode::Appears
+    version_text =~ /WeMo_WW_?([\d]*[.][\d]*[.][\d]*)/ && $1 && version = (Gem::Version.new($1))
+    vprint_status("Found version: #{version.to_s}")
+
+    if version < Gem::Version.new('2.00.8643')
+      vprint_good('Firmware version appears to be vulnerable')
+      CheckCode::Vulnerable
    else
-      print_warning('Firmware version appears not to be vulnerable')
+      vprint_warning('Firmware version does not appear to be vulnerable')
      CheckCode::Safe
    end
-
  end

  def exploit
    checkcode = check

-    unless checkcode || datastore['ForceExploit']
-      fail_with(Failure::Unknown, 'Set ForceExploit to override')
-    end
-
-    unless checkcode == CheckCode::Appears || datastore['ForceExploit']
+    unless checkcode == CheckCode::Vulnerable || datastore['ForceExploit']
      fail_with(Failure::NotVulnerable, 'Set ForceExploit to override')
    end