Closed awnumar closed 8 years ago
m0sia
commented
8 years ago Most embedded systems use busybox ash(or other tiny shell variations) that are not effected by shellshock.
If we are talking about well advertised vulnerabilities with unique names, then it make sense to add heartbleed. Many routers use old openssl.
lucyoa
commented
8 years ago @libeclipse @m0sia that are actually very good ideas. Shellshock vulnerability is not so common on embedded device nevertheless it is worth to implement module for this as well.
lucyoa
commented
8 years ago @libeclipse I added new module with this commit: 2e2f1646e8f0734ec52378c0bc5c302545397272 @m0sia I also added new module request for heartbleed: https://github.com/reverse-shell/routersploit/issues/72
Manufacturers are pretty relaxed about firmware updates. After shellshock was discovered, not many home devices were patched. I'd wager most home-routers can still be pwned using it.