Hard wrap descriptions
parent
c2b8d23854
commit
ae4edd65e1
|
@ -10,7 +10,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => "Cambium cnPilot r200/r201 Command Execution as 'root'",
|
||||
'Description' => %{
|
||||
Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to 4.3.3-R4, contain an undocumented, backdoor 'root' shell. This shell is accessible via a specific url, to any authenticated user. The module uses this shell to execute arbitrary system commands as 'root'.
|
||||
Cambium cnPilot r200/r201 device software versions 4.2.3-R4 to
|
||||
4.3.3-R4, contain an undocumented, backdoor 'root' shell. This shell is
|
||||
accessible via a specific url, to any authenticated user. The module uses this
|
||||
shell to execute arbitrary system commands as 'root'.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
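Review bot: The rewrapped Description carries over wording problems from the old single line: "url" should be "URL", and the commas in "4.2.3-R4 to 4.3.3-R4, contain" and "undocumented, backdoor" break the sentence. These lines are being rewritten anyway, so fix the wording in the same change, for example "versions 4.2.3-R4 to 4.3.3-R4 contain an undocumented backdoor 'root' shell".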
@ -10,7 +10,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Cambium cnPilot r200/r201 File Path Traversal',
|
||||
'Description' => %{
|
||||
This module exploits a File Path Traversal vulnerability in Cambium cnPilot r200/r201 to read arbitrary files off the file system. Affected versions - 4.3.3-R4 and prior.
|
||||
This module exploits a File Path Traversal vulnerability in Cambium
|
||||
cnPilot r200/r201 to read arbitrary files off the file system. Affected
|
||||
versions - 4.3.3-R4 and prior.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -10,7 +10,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => "Cambium ePMP 1000 'get_chart' Command Injection (v3.1-3.5-RC7)",
|
||||
'Description' => %{
|
||||
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (v3.1-3.5-RC7) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.
|
||||
This module exploits an OS Command Injection vulnerability in Cambium
|
||||
ePMP 1000 (v3.1-3.5-RC7) device management portal. It requires any one of the
|
||||
following login credentials - admin/admin, installer/installer, home/home - to
|
||||
execute arbitrary system commands.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -10,7 +10,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => "Cambium ePMP 1000 'ping' Command Injection (up to v2.5)",
|
||||
'Description' => %{
|
||||
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands.
|
||||
This module exploits an OS Command Injection vulnerability in Cambium
|
||||
ePMP 1000 (<v2.5) device management portal. It requires any one of the
|
||||
following login credentials - admin/admin, installer/installer, home/home - to
|
||||
execute arbitrary system commands.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
|
|
|
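Review bot: The version bound is stated two ways in this hunk: the Name says "up to v2.5" while the Description says "(<v2.5)", which leaves it unclear whether v2.5 itself is affected. Pick one bound and use it in both places while the Description is being touched.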
@ -10,7 +10,11 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Cambium ePMP 1000 Account Password Reset',
|
||||
'Description' => %{
|
||||
This module exploits an access control vulnerability in Cambium ePMP device management portal. It requires any one of the following non-admin login credentials - installer/installer, home/home - to reset password of other existing user(s) including 'admin'. All versions <=3.5 are affected. This module works on versions 3.0-3.5-RC7.
|
||||
This module exploits an access control vulnerability in Cambium ePMP
|
||||
device management portal. It requires any one of the following non-admin login
|
||||
credentials - installer/installer, home/home - to reset password of other
|
||||
existing user(s) including 'admin'. All versions <=3.5 are affected. This
|
||||
module works on versions 3.0-3.5-RC7.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -10,9 +10,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Cambium cnPilot r200/r201 Login Scanner and Config Dump',
|
||||
'Description' => %{
|
||||
This module scans for Cambium cnPilot r200/r201 management login portal(s), attempts to identify valid credentials, and dump device configuration.
|
||||
This module scans for Cambium cnPilot r200/r201 management login
|
||||
portal(s), attempts to identify valid credentials, and dump device
|
||||
configuration.
|
||||
|
||||
The device has at least two (2) users - admin and user. Due to an access control vulnerability, it is possible for 'user' account to access full device config. All information, including passwords, and keys, is stored insecurely, in clear-text form, thus allowing unauthorized admin access to any user.
|
||||
The device has at least two (2) users - admin and user. Due to an
|
||||
access control vulnerability, it is possible for 'user' account to access full
|
||||
device config. All information, including passwords, and keys, is stored
|
||||
insecurely, in clear-text form, thus allowing unauthorized admin access to any
|
||||
user.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
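Review bot: The last sentence of the second paragraph, "thus allowing unauthorized admin access to any user", is ambiguous after the rewrap: it can be read as access to any user's account, or as any user gaining admin access. If the point is that the 'user' account can read the admin credentials from the config, say that directly. The comma in "passwords, and keys," can also go.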
@ -10,7 +10,11 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Cambium ePMP 1000 Dump Device Config',
|
||||
'Description' => %{
|
||||
This module dumps Cambium ePMP 1000 device configuration file. An ePMP 1000 box has four (4) login accounts - admin/admin, installer/installer, home/home, and readonly/readonly. This module requires any one of the following login credentials - admin / installer / home - to dump device configuration file.
|
||||
This module dumps Cambium ePMP 1000 device configuration file. An
|
||||
ePMP 1000 box has four (4) login accounts - admin/admin, installer/installer,
|
||||
home/home, and readonly/readonly. This module requires any one of the following
|
||||
login credentials - admin / installer / home - to dump device configuration
|
||||
file.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
@ -10,7 +10,10 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => "Cambium ePMP 1000 'ping' Password Hash Extractor (up to v2.5)",
|
||||
'Description' => %{
|
||||
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to dump system hashes.
|
||||
This module exploits an OS Command Injection vulnerability in Cambium
|
||||
ePMP 1000 (<v2.5) device management portal. It requires any one of the
|
||||
following login credentials - admin/admin, installer/installer, home/home - to
|
||||
dump system hashes.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
|
|
|
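Review bot: Same version mismatch as in the 'ping' Command Injection module: the Name says "up to v2.5" and the Description says "(<v2.5)". The Name also says "Password Hash Extractor" while the Description ends with "dump system hashes"; use one term so the two lines describe the same result.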
@ -10,7 +10,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Cambium ePMP 1000 Login Scanner',
|
||||
'Description' => %{
|
||||
This module scans for Cambium ePMP 1000 management login portal(s), and attempts to identify valid credentials. Default login credentials are - admin/admin, installer/installer, home/home and readonly/readonly.
|
||||
This module scans for Cambium ePMP 1000 management login portal(s), and
|
||||
attempts to identify valid credentials. Default login credentials are -
|
||||
admin/admin, installer/installer, home/home and readonly/readonly.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
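Review bot: The hard wrap leaves a dangling separator at the end of the second new line, "Default login credentials are -", with the list starting on the next line. Rewording to "Default login credentials are admin/admin, installer/installer, ..." removes the dash and wraps cleanly.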
@ -12,7 +12,11 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(
|
||||
'Name' => 'Cambium cnPilot r200/r201 SNMP Enumeration',
|
||||
'Description' => %{
|
||||
Cambium cnPilot r200/r201 devices can be administered using SNMP. The device configuration contains IP addresses, keys, passwords, & lots of juicy information. This module exploits an access control flaw, which allows remotely extracting sensitive information such as account passwords, WiFI PSK, & SIP credentials via SNMP Read-Only (RO) community string.
|
||||
Cambium cnPilot r200/r201 devices can be administered using SNMP. The
|
||||
device configuration contains IP addresses, keys, passwords, & lots of juicy
|
||||
information. This module exploits an access control flaw, which allows remotely
|
||||
extracting sensitive information such as account passwords, WiFI PSK, & SIP
|
||||
credentials via SNMP Read-Only (RO) community string.
|
||||
},
|
||||
'Author' => ['Karn Ganeshen'],
|
||||
'References' =>
|
||||
|
|
|
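Review bot: The rewrapped text keeps the typo "WiFI PSK" (should be "WiFi") and the informal "& lots of juicy information". Since every line of the Description is rewritten here, correct the spelling, replace "&" with "and", and state what the configuration contains in neutral terms, as the ePMP SNMP module does with "amongst other information".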
@ -12,7 +12,15 @@ class MetasploitModule < Msf::Auxiliary
|
|||
super(
|
||||
'Name' => 'Cambium ePMP 1000 SNMP Enumeration',
|
||||
'Description' => %{
|
||||
Cambium devices (ePMP, PMP, Force, & others) can be administered using SNMP. The device configuration contains IP addresses, keys, and passwords, amongst other information. This module uses SNMP to extract Cambium ePMP device configuration. On certain software versions, specific device configuration values can be accessed using SNMP RO string, even though only SNMP RW string should be able to access them, according to MIB documentation. The module also triggers full configuration backup, and retrieves the backup url. The configuration file can then be downloaded without authentication. The module has been tested on Cambium ePMP versions 3.5 & prior.
|
||||
Cambium devices (ePMP, PMP, Force, & others) can be administered using
|
||||
SNMP. The device configuration contains IP addresses, keys, and passwords,
|
||||
amongst other information. This module uses SNMP to extract Cambium ePMP device
|
||||
configuration. On certain software versions, specific device configuration
|
||||
values can be accessed using SNMP RO string, even though only SNMP RW string
|
||||
should be able to access them, according to MIB documentation. The module also
|
||||
triggers full configuration backup, and retrieves the backup url. The
|
||||
configuration file can then be downloaded without authentication. The module
|
||||
has been tested on Cambium ePMP versions 3.5 & prior.
|
||||
},
|
||||
'References' =>
|
||||
[
|
||||
|
|
|
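Review bot: The Description is now nine wrapped lines in a single paragraph covering three separate things: what the configuration contains, the RO/RW access problem, and the unauthenticated backup download. Split it with blank lines at "On certain software versions" and "The module also triggers", and change "backup url" to "backup URL" and "3.5 & prior" to "3.5 and prior".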
@ -12,7 +12,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => "Cambium ePMP1000 'get_chart' Shell via Command Injection (v3.1-3.5-RC7)",
|
||||
'Description' => %{
|
||||
This module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.
|
||||
This module exploits an OS Command Injection vulnerability in Cambium
|
||||
ePMP1000 device management portal. It requires any one of the following login
|
||||
credentials - admin/admin, installer/installer, home/home - to set up a reverse
|
||||
netcat shell. The module has been tested on versions 3.1-3.5-RC7.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
|
|
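Review bot: The product name is written "ePMP1000" in both the Name and the Description here, while the auxiliary modules in this same commit write "ePMP 1000". Use one spelling across the modules so that a search on the product name finds all of them.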
@ -12,7 +12,10 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => "Cambium ePMP1000 'ping' Shell via Command Injection (up to v2.5)",
|
||||
'Description' => %{
|
||||
This module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.
|
||||
This module exploits an OS Command Injection vulnerability in Cambium
|
||||
ePMP1000 device management portal. It requires any one of the following login
|
||||
credentials - admin/admin, installer/installer, home/home - to set up a reverse
|
||||
netcat shell.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
|
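Review bot: The Description here gives no version information, although the Name says "up to v2.5" and the sibling 'get_chart' module ends its Description with "The module has been tested on versions 3.1-3.5-RC7." Add the affected or tested versions to the Description, and align "ePMP1000" with the "ePMP 1000" spelling used in the auxiliary modules.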