Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Add for Schneider Electric NET55XX Encoder (CVE -2019 -6814) #12049
Adding Schneider Electric Pelco NET55XX module affecting Webmin NET55XX versions (NET5501, NET5501-I, NET5501-XT, NET5504, NET5500,NET5516,NET550).
This module exploits an inadequate access control vulnerability creating a malicious json request to the webUI encoder, thus allowing the SSH service to be enabled and changing the root password.
msf5 exploit(unix/http/schneider_electric_net55xx_encoder) > set RHOSTS 192.168.34.2
 192.168.34.2:22 - Attempt to start a SSH connection...
Another thing, especially helpful with exploits that target specific hardware, is to include module docs with your PR that include how to setup vulnerable targets, what the module looks like in action, etc. (similar to what you provided in the PR description above). See https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation for more info.