CVE-2014-10069 PoC — Hitron CVE-30360 安全漏洞

Source

https://github.com/aimoda/hitron-cfg-decrypter

Associated Vulnerability

Title:Hitron CVE-30360 安全漏洞 (CVE-2014-10069)
Description:Hitron CVE-30360 devices是中国仲琦（Hitron）公司的一款路由器设备。 Hitron CVE-30360设备中存在安全漏洞，该漏洞源于程序共享了使用的578A958E3DD933FC DES密钥。攻击者可通过解密备份配置文件利用该漏洞获取敏感信息。

Description

CVE-2014-10069

Readme

# Hitron CFG Decrypter

## Downloading

```sh
git clone https://github.com/Manouchehri/hitron-cfg-decrypter
cd hitron-cfg-decrypter/
```

## Decrypting

```sh
python decrypt.py -i sample.cfg.enc
```

## Encrypting

```sh
python decrypt.py -i sample.cfg.dec -m encrypt
```

## Getting the CFG

![Admin -> Backup -> Backup](web-screenshot.png)

Thanks to Michael Henke (@henkman) for his previous work on the Hitron CVE-30360.

File Snapshot


 [4.0K]  /data/pocs/9f1a495c270da25e49124f7566a40cf09e6f0c75
├── [1.6K]  decrypt.py
├── [  10]  main.py -> decrypt.py
├── [ 27K]  pyDes.py
├── [ 426]  README.md
├── [   9]  README.txt -> README.md
├── [3.5K]  sample.cfg.dec
├── [3.5K]  sample.cfg.enc
└── [139K]  web-screenshot.png

0 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!