Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Cable Haunt WebSocket DoS Module #12818

Merged
merged 5 commits into from
Mar 31, 2020
Merged

Conversation

nstarke
Copy link
Contributor

@nstarke nstarke commented Jan 13, 2020

This module exploits a vulnerability in Sagecom
Cable Modems from a variety of manufacturers. Since
the firmware for vulnerable modems will vary based
on Make, Model, and ISP, this module can only be
used to verify the presence of the vulnerability,
and not actually return a shell. Successful
exploitation will most likely disrupt all upstream
services. Module documentation is included in this
commit.

Please refer to module documentation for further information.

Addresses #12817

This module exploits a vulnerability in Sagecom
Cable Modems from a variety of manufacturers. Since
the firmware for vulnerable modems will vary based
on Make, Model, and ISP, this module can only be
used to verify the presence of the vulnerability,
and not actually return a shell. Successful
exploitation will most likely disrupt all upstream
services. Module documentation is included in this
commit.
@nstarke
Copy link
Contributor Author

nstarke commented Jan 13, 2020

I have no idea why this failed, can I get an assist?

@jmartin-tech
Copy link
Contributor

@msjenkins-r7 test this please.

@nstarke
Copy link
Contributor Author

nstarke commented Jan 22, 2020

Hello, just checking in to see if I can get a review on this module? thanks.

@nstarke
Copy link
Contributor Author

nstarke commented Mar 27, 2020

Just wanted to check in on this, while I'm in 'msf' mode. Can I get a review on this? Thanks!

@nstarke
Copy link
Contributor Author

nstarke commented Mar 27, 2020

I have emailed a PCAP of this to msfdev@metasploit.com in an effort to facilitate progress on this PR.

@wvu
Copy link
Contributor

wvu commented Mar 31, 2020

@nstarke: Please review, merge, and retest nstarke#5. Thank you.

@nstarke
Copy link
Contributor Author

nstarke commented Mar 31, 2020

Completed. Thanks for your help.

@wvu
Copy link
Contributor

wvu commented Mar 31, 2020

Thank you for the quick response! I'll be able to get this landed shortly. :)

@wvu wvu merged commit 23bc62d into rapid7:master Mar 31, 2020
@wvu
Copy link
Contributor

wvu commented Mar 31, 2020

Release Notes

This adds a WebSocket DoS module for the "Cable Haunt" vulnerability in certain cable modems.

@tperry-r7 tperry-r7 added the rn-modules release notes for new or majorly enhanced modules label Apr 15, 2020
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
docs module rn-modules release notes for new or majorly enhanced modules
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants