CVE-2025-5095 PoC: Burk Technology ARC Solo access control vulnerability

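Source
Related vulnerability
Title: Burk Technology ARC Solo access control vulnerability (CVE-2025-5095)
Description: Burk Technology ARC Solo is an IP-based remote monitoring and control system from Burk, a US company. Burk Technology ARC Solo has an access control vulnerability: the password change mechanism does not properly verify authentication, which may lead to device takeover.
Description
Python POC for CVE-2025-5095
Introduction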
How To Use:

Open Login.htm and replace each occurrence of IP:PORT with the victim address.

<img width="1134" height="466" alt="image" src="https://github.com/user-attachments/assets/107a5515-1c32-4404-b19c-ca382ff6eeb3" />

Set the `var LoginVersion = "Check On The Victim Site";` line to the victim page's version. To find it, visit the victim page and view its source.
**WARNING: THIS CVE ONLY WORKS ON VERSIONS OLDER THAN 1.0.60**

<img width="506" height="112" alt="image" src="https://github.com/user-attachments/assets/9ab72bc9-f7d8-4538-8aac-d52ffcfd422b" />

Download the post.json file from the victim site (http://victimip:port/post.json).
Move it to the script folder; you will then have 3 files.

<img width="629" height="86" alt="image" src="https://github.com/user-attachments/assets/c5fe5bb8-b70f-4d58-9132-1b2c6ddab233" />

Now run the Python file and open 127.0.0.1:8080/login.htm. (If port 8080 is already in use, you can change it by opening the script in a text editor and editing the last part.)

<img width="574" height="60" alt="image" src="https://github.com/user-attachments/assets/e5d60db5-16a1-4ea2-b649-5153f00addd7" />

*Ignore the alert when opening the login page*

Open a terminal and use these curl commands; if it prints "success", it worked.

```
curl -v -X POST http://localhost:8080/post.json -d "UserPassword0=newtestpass"

curl -v -X POST http://localhost:8080/post.json -d "UsersSaveConfig=true"
```

<img width="1014" height="758" alt="image" src="https://github.com/user-attachments/assets/98e696e9-6443-4bd0-aff9-560bde720c04" />

To check if the page changed, send this command:

```
curl http://localhost:8080/check_password
```

Now visit the victim site (not the localhost one) and enter the new password; in this example, the password is "newtestpass".
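For asset owners, the version line and the 1.0.60 cutoff mentioned above are enough to triage an inventory of your own ARC Solo units from saved copies of their login page source. The following is an added example, not part of this README or the PoC; the function names, device labels and sample page sources are made up, and it assumes the version string is dotted-numeric.

```python
import re

# From the README: only versions older than 1.0.60 are affected.
FIRST_UNAFFECTED = (1, 0, 60)

# The login page source carries a line like: var LoginVersion = "...";
LOGIN_VERSION_RE = re.compile(r'var\s+LoginVersion\s*=\s*"([^"]*)"\s*;')


def parse_version(text):
    """Return a tuple of ints, or None if text is not dotted-numeric.
    Assumption: the device reports versions as digits separated by dots."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(page_source):
    """Classify one saved login page as 'affected', 'not affected' or 'unknown'."""
    match = LOGIN_VERSION_RE.search(page_source)
    version = parse_version(match.group(1)) if match else None
    if version is None:
        return "unknown"  # no version line, or an unexpected format: check by hand
    # Pad to equal length so that "1.0" compares as 1.0.0.
    width = max(len(version), len(FIRST_UNAFFECTED))
    version += (0,) * (width - len(version))
    fixed = FIRST_UNAFFECTED + (0,) * (width - len(FIRST_UNAFFECTED))
    # Compare numerically: as strings, "1.0.9" would sort after "1.0.60".
    return "affected" if version < fixed else "not affected"


def audit(pages):
    """Map each device label to its classification."""
    return {label: classify(source) for label, source in pages.items()}


# Constructed sample inventory: labels and page sources are made up for this example.
SAMPLE_PAGES = {
    "site-a": '<script>var LoginVersion = "1.0.9";</script>',
    "site-b": '<script>\nvar LoginVersion="1.0.60";\n</script>',
    "site-c": '<script>var LoginVersion = "1.1";</script>',
    "site-d": "<html><body>login</body></html>",
    "site-e": '<script>var LoginVersion = "Check On The Victim Site";</script>',
}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLE_PAGES).items():
        print(f"{label}: {verdict}")
```

Units reported as "unknown" need a manual look at the page source rather than being treated as safe.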
File snapshot

```
[4.0K] /data/pocs/3e026908476ffdc40aad1bba9b15055e8282333e
├── [1.0K] app.py
├── [ 34K] LICENSE
├── [ 10K] login.htm
├── [8.7K] post.json
└── [1.7K] README.md

0 directories, 5 files
```