From 7c7a233d673722fe05471483dd0caeff9ba5140e Mon Sep 17 00:00:00 2001 From: Nicholas Starke Date: Sat, 23 Feb 2019 14:41:11 -0600 Subject: [PATCH] Addressing PR Comments --- .../linux/upnp/belkin_wemo_upnp_exec.rb | 38 +++++++++---------- 1 file changed, 17 insertions(+), 21 deletions(-) diff --git a/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb b/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb index 6caa954b09..1c08c2148d 100644 --- a/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb +++ b/modules/exploits/linux/upnp/belkin_wemo_upnp_exec.rb @@ -62,7 +62,7 @@ class MetasploitModule < Msf::Exploit::Remote 'Stability' => [CRASH_SAFE], 'SideEffects' => [ARTIFACTS_ON_DISK], 'Reliablity' => [REPEATABLE_SESSION], - 'NOCVE' => 'Patched in 2.00.8643' # TODO: Add firmware check + 'NOCVE' => 'Patched in 2.00.8643' } )) @@ -83,39 +83,35 @@ class MetasploitModule < Msf::Exploit::Remote ) if res && res.code == 200 && res.body.include?('urn:Belkin:device:') - print_good('Wemo-enabled device detected') + vprint_status('Wemo-enabled device detected') else - print_error('This does not appear to be a wemo-enabled device') - return + vprint_error('This does not appear to be a Wemo-enabled device') + return CheckCode::Safe end - begin - version_text = res.get_xml_document.to_s - version_text =~ /WeMo_WW_?([\d]*[.][\d]*[.][\d]*)/ && $1 && version = (Gem::Version.new($1)) - print_status("Found version: #{version.to_s}") - rescue - print_error('Error parsing version information from xml') - return + version_text = res.get_xml_document.at('firmwareVersion').text + + if version_text.empty? + vprint_error('No firmware version retrieved') + return CheckCode::Unknown end - if version && version < Gem::Version.new('2.00.8643') - print_good('Firmware version appears to be vulnerable') - CheckCode::Appears + version_text =~ /WeMo_WW_?([\d]*[.][\d]*[.][\d]*)/ && $1 && version = (Gem::Version.new($1)) + vprint_status("Found version: #{version.to_s}") + + if version < Gem::Version.new('2.00.8643') + vprint_good('Firmware version appears to be vulnerable') + CheckCode::Vulnerable else - print_warning('Firmware version appears not to be vulnerable') + vprint_warning('Firmware version does not appear to be vulnerable') CheckCode::Safe end - end def exploit checkcode = check - unless checkcode || datastore['ForceExploit'] - fail_with(Failure::Unknown, 'Set ForceExploit to override') - end - - unless checkcode == CheckCode::Appears || datastore['ForceExploit'] + unless checkcode == CheckCode::Vulnerable || datastore['ForceExploit'] fail_with(Failure::NotVulnerable, 'Set ForceExploit to override') end