Auerswald COMpact 8.0B Backdoors exploit

Last update: Nov 24, 2022

Overview

CVE-2021-40859

Auerswald COMpact 8.0B Backdoors exploit

About

Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.

Product Details

Product: COMpact 3000 ISDN, COMpact 3000 analog, COMpact 3000 VoIP, COMpact 4000, COMpact 5000(R), COMpact 5200(R), COMpact 5500R, COMmander 6000(R)(RX), COMpact 5010 VoIP, COMpact 5020 VoIP, COMmander Business(19"), COMmander Basic.2(19").

Affected Versions: <= 8.0B (COMpact 4000, COMpact 5000(R), COMpact 5200(R), COMpact 5500R, COMmander 6000(R)(RX)), <= 4.0S (COMpact 3000 ISDN, COMpact 3000 analog, COMpact 3000 VoIP).

Fixed Versions: 8.2B, 4.0T.

Vulnerability Type: Backdoor.

Security Risk: high.

Installation

pip3 install requests lxml BeautifulSoup pandas

Usage

python3 CVE-2021-40859.py ip:port

Note

This exploit code checks if your Auerswald COMpact server is accessible using the backdoors.

Developer

D0rkerDevil wabaf3t

References

https://packetstormsecurity.com/files/165168/Auerswald-COMpact-8.0B-Backdoors.html

https://www.redteam-pentesting.de/advisories/rt-sa-2021-007

License

MIT

Auerswald COMpact 8.0B Backdoors exploit

Related tags

Overview

CVE-2021-40859

About

Product Details

Installation

Usage

Note

Developer

References

License

Owner

Ashish Kunwar

Scanning for CVE-2021-44228

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

Fast Fb Cracking Tool

Update of uncaptcha2 from 2019

A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks

Execution After Redirect (EAR) / Long Response Redirection Vulnerability Scanner written in python3

Windows Virus who destroy some impotants files on C:\windows\system32\

FTP-Exploits is a tool made in python that contains 4 diffrent types of ftp exploits that can be used in Penetration Testing.

Python tool for dumping flash via uboot reliably

I hacked my own webcam from a Kali Linux VM in my local network, using Ettercap to do the MiTM ARP poisoning attack, sniffing with Wireshark, and using metasploit

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

🎻 Modularized exploit generation framework

Unicode fuzzer for various purposes

Uncover the full name of a target on Linkedin.

Fast and customizable vulnerability scanner For JIRA written in Python

Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

AutoScan 有多个目标时，调用xray+rad进行自动扫描

Scanner for Intranet

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file