This is a combination of already available exploits and attack techniques.
Serve exploit.html as the index of a local webserver.
Craft a tailored payload.shell to verify the execution.
Open a web browser and visit 7f000001.c0a801fe.rbndr.us (the name switches between localhost and 192.168.1.254).
Nothing prevents remote exploitation; root is gained. Shell shoveling and verification are intentionally omitted.
See exploit.coffee to inspect the code.
- http://www.fastweb.it/forum/servizi-rete-fissa-tematiche-tecniche/urgente-vulnerabilita-modem-fastgate-0-00-47-t22720.html
- https://www.exploit-db.com/exploits/44606/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6023
- https://github.com/taviso/rbndr
- https://github.com/Depau/fastgate-python
- https://github.com/Nimayer/fastgate-toolkit
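
The rbndr hostname above encodes both addresses as hex labels (7f000001 is 127.0.0.1, c0a801fe is 192.168.1.254), which makes such lookups easy to spot in resolver logs. The following detection sketch is an added example, not code from this repository; the log format and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# rbndr-style name: two 8-hex-digit labels, each one IPv4 address, then rbndr.us
RBNDR_RE = re.compile(r"^([0-9a-f]{8})\.([0-9a-f]{8})\.rbndr\.us\.?$", re.I)

# Constructed sample resolver log: "<timestamp> <client> <queried name>"
SAMPLE_LOG = [
    "2018-05-10T10:00:01Z 192.168.1.23 7f000001.c0a801fe.rbndr.us",
    "2018-05-10T10:00:02Z 192.168.1.23 www.example.com",
    "2018-05-10T10:00:03Z 192.168.1.40 08080808.01010101.rbndr.us.",
]


def decode_rbndr(name):
    """Return the two IPv4 addresses encoded in the name, or None if it does not match."""
    match = RBNDR_RE.match(name.strip())
    if not match:
        return None
    return tuple(ipaddress.IPv4Address(int(label, 16)) for label in match.groups())


def is_internal(ip):
    """Loopback, private and link-local addresses should never come from a public name."""
    return ip.is_loopback or ip.is_private or ip.is_link_local


def flag_queries(log_lines):
    """List (client, name, decoded addresses) for names that point at internal space."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, skip it
        client, qname = fields[1], fields[2]
        ips = decode_rbndr(qname)
        if ips and any(is_internal(ip) for ip in ips):
            hits.append((client, qname.rstrip("."), [str(ip) for ip in ips]))
    return hits


if __name__ == "__main__":
    for client, qname, ips in flag_queries(SAMPLE_LOG):
        print(f"{client} queried {qname} -> {' / '.join(ips)}")
```

A name that decodes to two public addresses is not flagged; only names with at least one loopback, private or link-local target are reported.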