module
Netgear R7000 backup.cgi Heap Overflow RCE
| Disclosed | Created |
|---|---|
| 2021-04-21 | 2021-07-29 |
Disclosed
2021-04-21
Created
2021-07-29
Description
This module exploits a heap buffer overflow in the genie.cgi?backup.cgi
page of Netgear R7000 routers running firmware version 1.0.11.116.
Successful exploitation results in unauthenticated attackers gaining
code execution as the root user.
The exploit utilizes these privileges to enable the telnet server
which allows attackers to connect to the target and execute commands
as the admin user from within a BusyBox shell. Users can connect to
this telnet server by running the command "telnet *target IP*".
page of Netgear R7000 routers running firmware version 1.0.11.116.
Successful exploitation results in unauthenticated attackers gaining
code execution as the root user.
The exploit utilizes these privileges to enable the telnet server
which allows attackers to connect to the target and execute commands
as the admin user from within a BusyBox shell. Users can connect to
this telnet server by running the command "telnet *target IP*".
Authors
colorlight2019
SSD Disclosure
Grant Willcox (tekwizz123)
SSD Disclosure
Grant Willcox (tekwizz123)
Platform
Linux
Architectures
armle
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.