routersploit icon indicating copy to clipboard operation
routersploit copied to clipboard
verified publisher icon threat9

[HooToo] Multiple unauth exploits for TripMate series.

Open DePierre opened this issue 7 years ago • 3 comments

Three modules to exploit vulnerabilities in HooToo TripMate series:

  • Unauthenticated Remote Code Execution in /sysfirm.csp
  • Multiple Instances of Unauthenticated Operating System Command Injection in open_forwarding
  • Unauthenticated Arbitrary File Upload

I am not entirely sure that I am using shell() correctly so feel free to tell me what to change in those modules :)

They are still unpatched as of today, as far as I can tell, despite attempting to report them since October, 2017.

DePierre avatar Apr 25 '18 02:04 DePierre

Thanks for the contribution! Could you please separate this PR to multiple PRs so we can analyze all exploits separately?

lucyoa avatar Apr 27 '18 06:04 lucyoa

Hi @lucyoa, I would usually comply with this kind of requests but I really think that it is not necessary here.

All 3 exploits are simple to understand (1 command execution, 1 command injection and 1 path traversal) and because they are already in a file of their own, less than 100 LoC each, you can review them one after the other.

DePierre avatar Apr 27 '18 12:04 DePierre