Skip to content
/ CVE-2023-30765 Public

CVE-2023-30765 / ZDI-23-905 - Delta Electronics Infrasuite Device Master Privilege Escalation

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xfml/CVE-2023-30765

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

README.md

README.md

 
 

cve-2023-30765.py

cve-2023-30765.py

 
 

Repository files navigation

CVE-2023-30765

CVE-2023-30765 / ZDI-23-905 - Delta Electronics Infrasuite Device Master Privilege Escalation

Bug credit: Piotr Bazydlo (@chudypb)
Links:

Usage

python3 cve-2023-30765.py -h
usage: cve-2023-30765.py [-h] -i TARGET [-p PORT] [-t] [--user USER] [--pass PWD] [-b]

Delta Electronics Infrasuite Device Master Privilege Escalation (CVE-2023-30765)

optional arguments:
  -h, --help            show this help message and exit
  -i TARGET, --target TARGET
                        Target Infrasuite instance
  -p PORT, --port PORT  Target webservice port (default:80)
  -t, --tls             Target webservice has tls (default:false)
  --user USER           Account to escalate
  --pass PWD            Account password
  -b, --brute           Brute-force default user:pass pairs

FYI

Couldnt find a way to enumerate group contents so this just adds the given user to the admins group with the original administrator. Might be temperamental for other users in that group. ymmv, yolo.

About

CVE-2023-30765 / ZDI-23-905 - Delta Electronics Infrasuite Device Master Privilege Escalation

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages