Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-10069 PoC — Hitron CVE-30360 安全漏洞

Source
https://github.com/aimoda/hitron-cfg-decrypter
Associated Vulnerability
Title:Hitron CVE-30360 安全漏洞 (CVE-2014-10069)
Description:Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
Description
CVE-2014-10069
Readme
# Hitron CFG Decrypter

## Downloading

```sh
git clone https://github.com/Manouchehri/hitron-cfg-decrypter
cd hitron-cfg-decrypter/
```

## Decrypting

```sh
python decrypt.py -i sample.cfg.enc
```

## Encrypting

```sh
python decrypt.py -i sample.cfg.dec -m encrypt
```

## Getting the CFG

![Admin -> Backup -> Backup](web-screenshot.png)

Thanks to Michael Henke (@henkman) for his previous work on the Hitron CVE-30360.
File Snapshot

 [4.0K]  /data/pocs/9f1a495c270da25e49124f7566a40cf09e6f0c75
├── [1.6K]  decrypt.py
├── [  10]  main.py -> decrypt.py
├── [ 27K]  pyDes.py
├── [ 426]  README.md
├── [   9]  README.txt -> README.md
├── [3.5K]  sample.cfg.dec
├── [3.5K]  sample.cfg.enc
└── [139K]  web-screenshot.png

0 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →