added ZyXEL GS1510-16 Password Extractor #2709
MSF doesn't take 0-days unless they were found being exploited in the wild. Please disclose this vuln to the vendor or a third-party bug bounty program such as ZDI. Alternatively, please provide a reference if in fact it has been disclosed. Thanks
I was informed that the product is EOL and therefore the vulnerability won't be addressed/fixed by ZyXEL.
Ahh ok, cool. Can you add a ref for that somehow? Does their site say anything about EOL? -Josh
I imagine @disenchant was informed via e-mail, typically there's no reference for it unless you write a blog post. If you don't have a writeup, feel free to use this pull request as a reference since you already explained the situation. Thanks.
@kernelsmith wrote:
This is incorrect. While we encourage researchers to practice some kind of reasonable disclosure, and will help them through the process that we stick to at Rapid7, if someone wants to disclose zero days in the form of public pull requests, we will certainly take the module. The alternative is that the full disclosure crowd will simply dump their findings to mailing lists, and that's much more of a hassle to monitor. So, @disenchant, do use a URL reference of
I think this is mostly good to go except that:
report_auth_info(
  :host => rhost,
  :port => rport,
  :sname => "ZyXEL GS1510-16",
  :user => 'admin',
  :pass => admin_password,
  :active => true
)
Hmm, you removed the GitHub reference in the last commit? cb98d68
Thanks. Code looks pretty much good to go. Just need to make sure it works...
Never mind, just got the video. Thanks for the e-mail.
Module merged. Thanks for the PR.
The description on this module is less than descriptive. :) Giving it a shot in the pre-release cleanup |
Here's an auxiliary module which exploits a 0-day in at least ZyXEL GS1510-16 switches (not tested on other models) which allows us to extract the admin password.