关联漏洞
标题:Cisco Linksys SMART WiFi固件信息泄露漏洞 (CVE-2014-8244)Description:Cisco Linksys SMART WiFi firmware on EA2700和EA3500等是美国思科(Cisco)公司的运行于EA系列路由器中的固件。 Cisco Linksys SMART WiFi固件中存在安全漏洞。远程攻击者可借助JNAP/ HTTP请求上的JNAP操作利用该漏洞获取敏感信息或修改数据。以下版本受到影响:EA2700和EA3500设备上的Linksys SMART WiFi固件,E4200v2和EA4500设备上的Linksys SMART WiFi固件2.1.41 bu
Description
Python3 script to scan for Linksys smart wifi devices that are vulnerable to CVE-2014-8244
介绍
# LinksysLeaks
Python3 script to scan for Linksys smart wifi devices that are vulnerable to CVE-2014-8244
This script was created to help me find vulnerable smart wifi devices that leak sensitive information,known as CVE-2014-8244.
You have the option to either scan a single ip or a text file with multiple IPs. optional arguements includes port to scan, timeout, save found devices to a text file, and check admin password.
At the moment the script only checks if it finds a device and if its default password "admin" is in use. Other leak functions and arguements will be added later.(Device info such as fw date/version, connected devices, DDNS status, and more)
I created this for educational purposes so please keep it that way when you use it, only test on your network or a network you have permission to test on.
Usage:
single IP - python3 main.py --target 10.0.0.1
file IPs - python3 main.py --file fileName.txt
文件快照
[4.0K] /data/pocs/b0e8730a2b906d1b0ff7baabcdb1d0499997ee2f
├── [6.7K] deviceleaks.py
├── [1.8K] main.py
├── [ 934] README.md
├── [ 99] requirements.txt
└── [ 586] setArgs.py
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →