infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

master
Metasploit 2019-04-12 12:20:17 -07:00
parent 2ebee1226f
commit 7de9f5beea
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
db/modules_metadata_base.json
View File

@ -45252,6 +45252,58 @@
"notes": { "notes": {
} }
}, },
"exploit_linux/http/cisco_rv130_rmi_rce": {
"name": "Cisco RV130W Routers Management Interface Remote Command Execution",
"full_name": "exploit/linux/http/cisco_rv130_rmi_rce",
"rank": 400,
"disclosure_date": "2019-02-27",
"type": "exploit",
"author": [
"Yu Zhang",
"Haoliang Lu",
"T. Shiomitsu",
"Quentin Kaiser <kaiserquentin@gmail.com>"
],
"description": "A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router\n could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.\n\n The vulnerability is due to improper validation of user-supplied data in the web-based management interface.\n An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device.\n\n A successful exploit could allow the attacker to execute arbitrary code on the underlying operating\n system of the affected device as a high-privilege user.\n\n RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected.\n\n Note: successful exploitation may not result in a session, and as such,\n on_new_session will never repair the HTTP server, leading to a denial-of-service condition.",
"references": [
"CVE-2019-1663",
"BID-107185",
"URL-https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex"
],
"platform": "Linux",
"arch": "armle",
"rport": 443,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Cisco RV130/RV130W < 1.0.3.45"
],
"mod_time": "2019-04-12 10:58:56 +0000",
"path": "/modules/exploits/linux/http/cisco_rv130_rmi_rce.rb",
"is_install_path": true,
"ref_name": "linux/http/cisco_rv130_rmi_rce",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-service-down"
]
}
},
"exploit_linux/http/cisco_rv32x_rce": { "exploit_linux/http/cisco_rv32x_rce": {
"name": "Cisco RV320 and RV325 Unauthenticated Remote Code Execution", "name": "Cisco RV320 and RV325 Unauthenticated Remote Code Execution",
"full_name": "exploit/linux/http/cisco_rv32x_rce", "full_name": "exploit/linux/http/cisco_rv32x_rce",