Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
CVE-2017-16709 - Awind SNMP RCE #11643
This module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to
Note: a valid SNMP read-write community is required to exploit this vulnerability.
The following devices are known to be affected by this issue:
Other devices might be affected by the same issue but lack of access to firmware forbids me from confirming that. See https://github.com/QKaiser/awind-research for full list of similar devices.
You should get a session.
Are there any outstanding changes left for this module? I did a once-over, and I have no suggestions for improvements.
Hey, @QKaiser, I'm not sure that we have any of these vulnerable devices so could you send a PCAP to msfdev[at]metasploit.com when you have some time? Thank you!
I don't think so.
Sure. I should be able to send a capture in the coming days, will notify you here when it's done :)
Sep 4, 2019
The AwindInc SNMP Service Command Injection module has been added to the framework. It exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to