Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-17873 PoC — WiFiRanger 访问控制错误漏洞

Source
https://github.com/Luct0r/CVE-2018-17873
Associated Vulnerability
Title:WiFiRanger 访问控制错误漏洞 (CVE-2018-17873)
Description:WiFiRanger是一款WiFi信号中继器。 使用7.0.8rc3及之前版本固件的WiFiRanger中的FTP配置存在访问控制错误漏洞。攻击者可利用该漏洞获取SSH私钥,以root用户身份登录。
Description
WiFiRanger 7.0.8rc3 Incorrect Access Control - Privilege Escalation
Readme
# CVE-2018-17873

WiFiRanger indoor routers (Core, GoAC) and their outdoor paired routers (Sky Pro, EliteAC, EliteAC FM) running firmware version 7.0.8rc3 and earlier allow anonymous FTP read/write access and have left the SSH Private Key in the clear - making it a trivial task to view/copy the key and log in with root privileges.

Adjacent network access required to exploit this vulnerability.

# Exploit:
Extremely simple shell script that grabs the private key and logs in as root.

# Usage:
```./wifiRangerPwn.sh <WiFiRanger IP>```
File Snapshot

 [4.0K]  /data/pocs/2a1f7db8bc12383c3641c4a26feaeb0e254f5dcf
├── [1.0K]  LICENSE
├── [ 539]  README.md
└── [ 135]  wifiRangerPwn.sh

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.